SIEM Consulting for a US Cloud Security Provider
The Customer is a US-based provider of a cloud-based, multi-tenant security-as-a-service solution. The company monitors, analyzes and protects enterprises of all sizes by ensuring intrusion detection, vulnerability assessment, web application protection, log management and threat research along with advanced analytics. The Customer holds a number of awards in vulnerability management and is named among the top influencers in cyber security.
The Customer decided to develop a proprietary SIEM tool that would allow end clients to detect threats, manage vulnerabilities, ensure web security and more. Having a precise vision of the future solution, the Customer, however, found it highly challenging to build up the logic and create correlation rules that could ensure the proper functioning of the system. For this purpose, the Customer was looking for SIEM cloud security consultants who could help to elaborate the logic from ground up to be applied to the solution.
Among multiple SIEM cloud security consulting companies, the Customer chose ScienceSoft as an expert with more than 13 years of experience in information security that co-created IBM TSIEM/TCIM and TSOM products, co-developed IBM’s official TSIEM to QRadar migration guide, as well as developed a proprietary QLean (also known as Health Check Framework) for IBM QRadar SIEM.
To solve the task, ScienceSoft’s team suggested to follow best practices and recommendations in SIEM cloud security introduced by the information security experts of SANS Institute, namely on CIS Critical Security Controls that represent a recommended set of actions for cyber defense, providing specific and actionable ways to detect the most pervasive and dangerous attacks.
Sticking to the Customer’s requirements, in just 2 months ScienceSoft developed more than 120 correlation rules that met 18 out of 20 possible CIS Critical Security Controls. The rules were designed for such platforms as Cisco ASA, NetScreen, FireEye, Oracle, IronPort and others to ensure the extensive functionality of the solution in the works.
Applying the logic developed by ScienceSoft’s cloud security consulting team, the Customer managed to successfully launch its proprietary SIEM solution. Today, the solution is used by more than 3,500 clients all over the world.