
How Co-Managed SOC Helps Derive Maximum Value from Your SIEM Investment

Security information and event management (SIEM) systems are crucial to cyber security, providing a solution for collecting and analyzing alerts from all manner of security tools, network infrastructure, and applications. But simply having a SIEM is not enough because to be truly effective, it must be properly configured, managed, and monitored 24x7.

And there’s the rub: few organizations have enough security expertise in-house to properly configure and manage their SIEM, never mind monitor it around the clock. Without that, you can’t get the full value from your SIEM investment.

A managed SIEM service, such as the Trustwave Co-Managed SOC, provides a solution, as Gartner has made clear.

“Buyers who have invested in SIEM technology use Managed SIEM services to derive more value. They … get assistance with decisions around strategy, architecture, maintenance, development, or support,” Gartner says in its Market Guide for Managed SIEM Services. “This leads to better security operations results.”

SIEMs Explained

Customers need that assistance due to the inherent complexity of SIEMs.

The basic function of a SIEM is to collect security data from various components in your network, including cloud-based and on-premises. But you don’t want to collect every possible piece of data, as that would quickly become overwhelming to monitor, serving only to increase operational costs without effective outcomes.

So, to be effective, a SIEM must be properly configured to your specific environment, targeting the use cases and applications that are most appropriate for your organization and its risk profile. And it’s hardly a “set it and forget it” endeavor. Rather, the SIEM must be continually tuned over time according to the results it delivers and the health of its data feeds, and to keep up with changes in your environment.

Security professionals must also periodically assess whether the SIEM is generating useful alerts. In fact, a misconfigured SIEM can be more of a liability than a benefit. A never-ending stream of alerts and false positives puts the security organization in constant fire-drill mode, potentially without the resources to investigate or identify the truly impactful alerts amid the din.

Managed SIEM Services

As Gartner noted, managed SIEM services can fill the void. To date, such services have generally taken one of two varieties: Managed SIEM and SOC-as-a-Service (SOCaaS).

Managed SIEM services are much like managed services for firewalls and endpoint detection and response (EDR) tools in that they help customers manage their SIEM. Most will include SIEM deployment, configuration and management, and some may include ongoing optimization. Often, however, managed SIEM offerings do not include 24x7 alert monitoring.

With SOCaaS, your provider assumes ownership of the SIEM infrastructure and product licensing. Think of SOCaaS as an extension of the managed security service provider (MSSP) model, often aimed at smaller organizations that don’t already have a SIEM or a security operations center (SOC). Instead, companies direct all the data the SIEM produces to their provider, who takes responsibility for correlating alert data and finding actionable alerts amid all the false positives.

Trustwave Co-Managed SOC

Managed SIEM and SOCaaS may indeed be a step forward for companies that don’t have the resources to manage their own SIEM. But the Trustwave Co-Managed SOC approach adds several elements that help companies derive maximum value from their SIEM investments.

Trustwave Co-Managed SOC takes a four-step approach based on proven processes and use cases, along with experience from the Trustwave SpiderLabs team.

The first is “consult and plan,” where security experts assigned to your account create a roadmap specifically for your business. These experts assess your current capabilities and security priorities. They build a transition plan and tune your SIEM based on your priorities, drawing from an extensive library of field-proven and industry-aligned use cases, as well as custom use cases specific to your environment. They also provide predictable cost and capacity estimates, so you won’t be subject to the runaway costs that can quickly arise when you simply send all SIEM alerts to your SIEM provider.

Next comes “build and onboard,” following a proven methodology and best practices to get you up and running quickly, accelerating time to value with a dedicated governance team.

The next two phases are ongoing. In the “manage and monitor” phase, Trustwave acts as a true extension of your security team, increasing their productivity and freeing up resources. And of course, Trustwave provides 24x7 incident monitoring and investigations to help you prioritize incidents with actionable recommendations for immediate action, informed by SpiderLabs global threat intelligence.

Finally, your named Trustwave security advisor will continually tune your SIEM for optimal performance on the specific use cases and security policies that are most important to your organization. Trustwave uses an iterative, closed-loop approach to SIEM management that involves constantly learning from the alerts your SIEM produces and tuning it to become increasingly effective at homing in on the most important alerts – helping you reduce alert noise by up to 90%.

Adding Managed Detection and Response (MDR)

Trustwave Co-Managed SOC is also a great complement to the Trustwave Managed Detection and Response (MDR) service. With MDR, Trustwave security analysts provide deeper threat investigation, threat hunting, and response at the endpoint. They investigate to understand the full impact of a threat, enabling a more informed response. Running Co-Managed SOC in parallel with MDR means you not only get alerted to your most serious threats on a 24x7 basis but also enable Trustwave to respond to and contain those threats.

Implementing a SIEM is an important part of any cyber security strategy, and a managed service is often a requirement to properly configure, operate, and monitor your SIEM. But don’t settle for a service that doesn’t help you derive maximum value from your SIEM investment and your internal resources.

Learn more about how Trustwave Co-Managed SOC can help: download our new guide, “Get Maximum Value from Your SIEM.” And to learn more about how MDR fits into the picture, visit our MDR webpage.
