
Professional SIEM Services

Security Information and Event Management (SIEM) is a set of tools and services that monitor system and network activity across users, devices, and applications to detect targeted cyberattacks and data breaches in a timely manner. ScienceSoft offers end-to-end SIEM services to protect our clients and their sensitive data.

Professional SIEM Services - ScienceSoft

Over the past 15 years, ScienceSoft has built solid expertise with IBM QRadar SIEM and SOAR solutions. The ScienceSoft SIEM team has delivered more than 100 SIEM projects for clients in the banking, finance, government, energy, automotive, education, healthcare, and telecom sectors worldwide (the US, Europe, the Gulf Cooperation Council, Africa, Japan).

Many SIEM deployments, while useful, do not realize the full value of the solution and fail to catch advanced targeted threats. The most typical issues are misconfiguration of the SIEM itself; missing log sources for critical business applications and other assets that are not supported out of the box; incorrect audit settings on connected devices, which strip away security context; and correlation rules that do not address the right types of assets or the business context. As a result, many threats relevant to the client's business pass unnoticed, security risk is not reduced, and the SIEM's ROI stays below its potential.

Why Choose ScienceSoft SIEM/SOAR Services?

ScienceSoft has the experience, skill set, and commitment to launch a SIEM project and lay the foundation for its successful completion.

  • Expert knowledge of IBM QRadar SIEM and IBM SOAR architecture and implementation.
  • Proven track record: hundreds of successfully completed cybersecurity projects.
  • Team of experienced and certified consultants.
  • Deep technical expertise of networking devices, operating systems, software and device audit, logging, and security subsystems.
  • Considerable hands-on experience with security solutions lifecycle.

ScienceSoft engineers bring nearly two decades of expertise in SIEM/SOAR solution development, deployment, integration, and consulting.

ScienceSoft was involved in the development of IBM TSIEM/TSOM in 2006-2011. More recently (2011 – 2023), ScienceSoft has become one of the leading global implementation partners for the QRadar Security Intelligence platform. Our certified QRadar consultants carry out assessments, deployments, fine-tuning, customization, and maintenance of SIEM and SOAR solutions.

Technical skills: ScienceSoft consultants have the technical skills required for security consulting and development, including:

  • Software Development (Python, JavaScript, SQL, Shell & Batch, Regex, other)
  • System administration (Linux, UNIX, Windows, VMware ESXi, Docker)
  • Networking devices maintenance and network troubleshooting
  • SIEM/SOAR deployment, upgrade, and fine-tuning
  • SIEM customization (custom DSMs, reports, AQL queries, threat cases and correlation rules, automated integration solutions via REST API / SOAP / RPC, etc.)
  • SOAR customization (playbooks planning, design and development, workflow implementation, automation, custom functions, etc.)
  • Proven expertise: participated in creation of several IBM QRadar SIEM certification exams as invited experts: C2150-195 and C2150-214

Products: ScienceSoft SIEM team has developed more than 20 unique extensions (free and commercial) for QRadar, including:

  • QLEAN: formerly known as the “Health Check Framework”; performs periodic monitoring of a range of statistical, performance, and behavioral metrics of a live IBM QRadar SIEM deployment (including distributed environments)
  • QWAD: automated WinCollect agent deployment with auto-configuration for different Windows services: IIS, DNS, DHCP, SQL, etc.
  • QIN: extended notification solution that sends SMS, creates tickets in Jira, alerts through Teams, and supports many other offense notification options; it can also automatically assign offenses to specific people

More ScienceSoft applications available at:

SIEM Projects with ScienceSoft Stage by Stage

Turnkey SIEM projects may encompass seven core stages:

SIEM Project Steps - ScienceSoft

To get the most out of a SIEM, clients are strongly advised to invest in fine-tuning and training. ScienceSoft SIEM consultants are familiar with the challenges clients face at each stage of a SIEM delivery project and know how to address them.

Commitment: Our team will work with you hand in hand to ensure that all expectations are not just met but exceeded. We will be available every day, all the way, and provide all the tools and guidance to ensure a successful implementation of your project.

1. Requirements processing
2. Solution design
3. Implementation
4. Customization and development
5. Fine-tuning and delivery
6. Training
7. Support and maintenance

SIEM-Based Specific Services

SIEM health check

ScienceSoft helps address SIEM deployment issues and identify ways to increase QRadar SIEM ROI by carrying out a Health Check of existing deployments, alongside various other services. The Health Check includes:

  • Assessment of QRadar SIEM configuration against best practices for various platforms
  • Review of the coverage of network assets and business applications by QRadar SIEM
  • Implementation of audit configuration best practices for various platforms
  • Review of implemented threat cases and correlation rules for the client environment
  • Fine-tuning of the solution (enhance data quality, decrease false positives)
  • Quick troubleshooting and performance improvement recommendations
  • A written report of the Health Check results and recommendations for improvement

When configured and fine-tuned properly, QRadar correlation rules minimize the chance that advanced targeted threats go unnoticed by security staff. QRadar SIEM helps its users identify high-risk threats with near-real-time correlation and behavioral anomaly detection, surface vulnerabilities and high-priority incidents among billions of data points, and gain full visibility into network, application, and user activity.
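The kind of correlation rule described above, shown as an added example that is not part of this page and is neither ScienceSoft's nor IBM QRadar's code: a Python sliding-window rule that raises an offense when one source IP fails to log on to an account at least five times and then succeeds within five minutes. The log layout, host names, addresses, and account names are constructed for the example. A line from a log source the parser does not understand is counted rather than silently dropped, which mirrors the missing-log-source problem noted earlier on the page.

```python
"""
Added example (not ScienceSoft's or IBM QRadar's code): a minimal
correlation rule run over constructed log lines. It raises an offense
when one source IP fails to log on to an account at least `threshold`
times and then succeeds inside a sliding window.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log; not captured from a real system.
# The last line is a firewall event in a layout this parser has no
# parser ("DSM") for: it is counted as unparsed, i.e. a coverage gap.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:02Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:03Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:04Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:05Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:06Z dc01 auth: FAILED_LOGIN user=alice src=203.0.113.5
2024-03-01T10:00:30Z dc01 auth: LOGIN_OK user=alice src=203.0.113.5
2024-03-01T10:01:00Z dc01 auth: FAILED_LOGIN user=bob src=198.51.100.7
2024-03-01T10:01:10Z dc01 auth: LOGIN_OK user=bob src=198.51.100.7
2024-03-01T09:40:00Z dc01 auth: FAILED_LOGIN user=carol src=192.0.2.9
2024-03-01T09:41:00Z dc01 auth: FAILED_LOGIN user=carol src=192.0.2.9
2024-03-01T09:42:00Z dc01 auth: FAILED_LOGIN user=carol src=192.0.2.9
2024-03-01T09:43:00Z dc01 auth: FAILED_LOGIN user=carol src=192.0.2.9
2024-03-01T09:44:00Z dc01 auth: FAILED_LOGIN user=carol src=192.0.2.9
2024-03-01T09:52:00Z dc01 auth: LOGIN_OK user=carol src=192.0.2.9
2024-03-01T10:02:00Z fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.4
"""

# Invented line format for the example: "<ts> <host> auth: <outcome> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<outcome>FAILED_LOGIN|LOGIN_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    host: str
    outcome: str
    user: str
    src: str


def parse(text):
    """Parse the lines this rule understands; return (events, unparsed_count)."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # no parser for this log source: visible gap
            continue
        events.append(AuthEvent(
            ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            host=m["host"], outcome=m["outcome"], user=m["user"], src=m["src"]))
    return events, unparsed


def correlate(events, threshold=5, window_minutes=5):
    """Sliding-window rule: >= threshold failures followed by a success for
    the same (src, user), all inside the window. Returns one dict per hit."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    offenses = []
    for ev in sorted(events, key=lambda e: e.ts):   # events may arrive out of order
        recent = failures[(ev.src, ev.user)]
        while recent and ev.ts - recent[0] > window:  # expire stale failures
            recent.popleft()
        if ev.outcome == "FAILED_LOGIN":
            recent.append(ev.ts)
        else:                                           # LOGIN_OK
            if len(recent) >= threshold:
                offenses.append({"src": ev.src, "user": ev.user,
                                 "failures": len(recent), "success_at": ev.ts})
            recent.clear()                              # any success resets the burst
    return offenses


if __name__ == "__main__":
    evs, skipped = parse(SAMPLE_LOG)
    for off in correlate(evs):
        print(f"OFFENSE {off['src']} -> {off['user']}: {off['failures']} failures, "
              f"then success at {off['success_at']:%H:%M:%S}")
    print(f"{skipped} line(s) skipped: no parser for that log source")
```

With the default five-minute window only the burst against `alice` fires; widening the window to 15 minutes also flags the slower attempt against `carol`. That is the trade-off a fine-tuning engagement balances: a short window misses low-and-slow attempts, a long one raises more false positives.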

A standard Health Check procedure is designed to be carried out for five (5) business days and can be performed onsite as well as offsite. Some of the steps following the Health Check may include (as a separate contract):

  • Threat cases design and correlation rules implementation for the specific client environment
  • Custom DSM development for business systems or network assets
  • Automation solutions design and development of automation tools
  • Security monitoring services
  • Yearly support for any kind of security service (a fixed number of hours that can be used for any related task)
  • Onsite or offsite training for security specialists working with QRadar SIEM

Ongoing L3 support for SIEM solutions

Our expert team is ready to provide continuous SIEM/SOAR solution support under an extended SLA for all your operational needs. Rather than limiting support to a fixed task list, we propose that support hours be used for any task related to the client's security: adjusting security policies or creating them from scratch, in-depth analysis of complex offenses, development of new threat cases, SIEM and SOAR customization, software development, operational support, OS and network troubleshooting, solution upgrades, and any other related work. We offer a fixed number of hours per year.

SIEM-based SOC/SOAR services

For clients who wish to have their own SOC with a dedicated team of security operators and analysts, ScienceSoft can provide the expertise to build such a SOC on the client's existing IBM Security QRadar SIEM. If required, ScienceSoft will design, deploy, and integrate the SIEM solution in the client's environment. Along with that, ScienceSoft will implement the necessary correlation rules and an appropriate incident response workflow for every applicable threat case. Additionally, ScienceSoft delivers hands-on training by IBM Security certified SIEM consultants for security operators and analysts, covering IBM Security QRadar and how to create and investigate offenses. Within a reasonable amount of time, the client's team will be ready to handle all security incidents and take appropriate actions to reduce the risk to the client's assets.

For clients who prefer an external team of SOC operators, ScienceSoft can provide remote SOC monitoring, acting as an MSSP for security data analysis. Our security operators access the client's SIEM over a secure VPN connection and monitor security incidents on a negotiated SLA basis. Based on drill-down analysis of each incident, ScienceSoft provides guidelines for the client to contain its root cause. Each incident is handled in accordance with the designed incident response workflow.

All offenses, however, still must be followed up and acted on by the client's own system and network administrators, who perform the last-mile operations (such as disabling users or blocking activity on a firewall).
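The offense hand-off described in this section, as an added example that is neither ScienceSoft's QIN nor IBM's code: a small Python client polls QRadar for open, unassigned offenses and assigns each to an analyst chosen from a routing table keyed on the offense description. It assumes (these details are not from the page) the QRadar REST API endpoints GET /api/siem/offenses and POST /api/siem/offenses/{id} with an assigned_to query parameter, authenticated by an authorized-service token sent in the SEC header. The offense records, analyst logins, and routing table are constructed, and the HTTP transport is replaced by a fake so the example runs offline.

```python
"""
Added example (not ScienceSoft's QIN, not IBM code): poll QRadar for open,
unassigned offenses and assign each to an analyst from a routing table.
Assumed API shape: GET /api/siem/offenses, POST /api/siem/offenses/{id}
with ?assigned_to=<login>, token in the SEC header, Version header.
"""
import json
import urllib.parse
import urllib.request

# Routing table (constructed): substring of the offense description -> analyst login.
ROUTING = {
    "ATM": "atm-team",
    "Authentication": "iam-analyst",
}
DEFAULT_OWNER = "soc-tier1"


class QRadarClient:
    def __init__(self, base_url, token, transport=None, version="12.0"):
        self.base_url = base_url.rstrip("/")
        # SEC carries the authorized-service token (assumed header name).
        self.headers = {"SEC": token, "Version": version, "Accept": "application/json"}
        self.transport = transport or self._http   # injectable for offline runs

    def _http(self, req):
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)

    def _request(self, method, path, params=None):
        url = f"{self.base_url}{path}"
        if params:
            url += "?" + urllib.parse.urlencode(params)
        return urllib.request.Request(url, method=method, headers=self.headers)

    def open_unassigned_offenses(self):
        # Filter/fields syntax assumed; the unassigned check is done client-side.
        req = self._request("GET", "/api/siem/offenses",
                            {"filter": 'status = "OPEN"',
                             "fields": "id,description,magnitude,assigned_to"})
        return [o for o in self.transport(req) if not o.get("assigned_to")]

    def assign(self, offense_id, owner):
        req = self._request("POST", f"/api/siem/offenses/{offense_id}",
                            {"assigned_to": owner})
        return self.transport(req)


def route(description):
    """Pick an owner by the first routing-table key found in the description."""
    for needle, owner in ROUTING.items():
        if needle.lower() in description.lower():
            return owner
    return DEFAULT_OWNER


def assign_open_offenses(client):
    """Assign every open, unassigned offense; return {offense_id: owner}."""
    assigned = {}
    for off in client.open_unassigned_offenses():
        owner = route(off["description"])
        client.assign(off["id"], owner)
        assigned[off["id"]] = owner
    return assigned


# Constructed offense records, shaped like the assumed API fields.
SAMPLE_OFFENSES = [
    {"id": 101, "description": "Authentication: brute force followed by success",
     "magnitude": 7, "assigned_to": None},
    {"id": 102, "description": "ATM: unexpected process started on ATM host",
     "magnitude": 9, "assigned_to": None},
    {"id": 103, "description": "Port scan detected",
     "magnitude": 3, "assigned_to": "soc-tier1"},      # already owned: skipped
    {"id": 104, "description": "Excessive firewall denies",
     "magnitude": 4, "assigned_to": None},
]


def fake_transport(req):
    """Stand-in for HTTP: answers GET with the sample list, records POSTs."""
    if req.get_method() == "GET":
        return SAMPLE_OFFENSES
    fake_transport.calls.append((req.get_method(), req.full_url))
    return {}


fake_transport.calls = []

if __name__ == "__main__":
    client = QRadarClient("https://qradar.example", "0000-token", transport=fake_transport)
    print(assign_open_offenses(client))
    print(fake_transport.calls)
```

Assigning the offense in the SIEM is only the hand-off; the analyst still has to raise the containment request with the administrators who own the firewall or the directory, as the paragraph above notes.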

SIEM-based ATM security

As ATM network attacks become more sophisticated, SIEM-based ATM security solutions come into play. ScienceSoft information security consultants respond to the growing ATM threat by conducting an ATM network audit, collecting and analyzing incident data, assuring the security of the ATM network design, and creating custom correlation rules for the client's SIEM. This comprehensive approach gives security administrators coverage across the ATM threat types.

SIEM-based APT protection

ScienceSoft SIEM consultants build a deeply personalized security environment for SIEM-based Advanced Persistent Threat (APT) protection. Our security professionals fine-tune your SIEM solution so that it becomes a practical tool for discovering APT attacks at an early stage.


Get in Touch

Our IBM-certified SIEM consultants are ready to respond to a security challenge of any complexity.