PROFESSIONAL SIEM SERVICES

SIEM Requirements gathering and processing

After analyzing initial requirements of a customer and network infrastructure of their company, ScienceSoft’s security consultants estimate project efforts and offer an optimal set of requirements depending on the scope and the customer’s security and pricing policy.

SIEM Design

Together with creating SIEM system design documentation, ScienceSoft’s security consultants define project acceptance criteria and confirm them with the customer to ensure full requirements coverage.

SIEM Implementation

What we do

• Deploy a SIEM system on the customer’s network environment.
• Provide SIEM system basic configuration.
• Connect out-of-the-box log sources.
• Connect custom log sources.
• Deliver a fine-tuned SIEM system and provide reports.

SIEM implementation challenges we address

• Undetected security attack vectors.
  Solution: high-quality audit baseline development for all target systems.
• Disconnected custom log sources.
  Solution: custom target system investigation prior to custom log source connection.
• Presence of various log source types.
  Solution: creation of correlation rules with multiple conditional levels for multiple log source types.

SIEM Fine-tuning

To maximize a SIEM system ability to detect intruders and to save time of an administrator, ScienceSoft’s security consultants analyze the operation of the SIEM system within the customer’s network and tune it to get rid of false positive correlation rules.

SIEM Training

ScienceSoft’s SIEM consultants are ready to share their knowledge with the customer’s security team in SIEM system management with a series of practice-oriented training sessions. Understanding the importance of the face-to-face contact between trainers and trainees, ScienceSoft offers in-house training sessions on the customer’s SIEM deployment.

Depending on the level of the customer’s security staff’s experience in SIEM system management, ScienceSoft’s IBM-certified consultants organize and conduct two tailored SIEM training sessions: Fundamentals and Advanced.

The Fundamentals training module includes the following highlights:

• Introduction into IBM Security QRadar SIEM
• Security Data
• QRadar User Interface
• Data Sources
• Advanced Searching
• Rules and Building Blocks
• Advanced Reporting
• Health Monitoring

The Advanced training module, targeted at more QRadar-savvy specialists features the following topics:

• Introduction to QRadar Administration Features and Functionality
• Security Events Normalization
• Building log source extensions (LSX) (normalization part)
• Building log source extensions (LSX) (mapping part)
• Building Blocks (BB) Overview and Specifics. Enabling Custom BB
• Rules Overview
• Creating Rules
• Tuning Rules
• Fine Tuning False Positives
• Offences
• QRadar Risk Manager
• QRadar Vulnerability Manager

SIEM Delivery

ScienceSoft security professionals have earned their reputation for delivering SIEM services that satisfy customers’ needs. SIEM delivery includes the following stages:

• Final check of the SIEM system performance
• Acceptance testing by the customer
• Physical handover of all the source codes, documentation and access keys).

SIEM support and maintenance

ScienceSoft ensures performance capacity of the SIEM system features and elements included in the scope of a SIEM project we’ve implemented in case the way of log source connection changes, new event types are added or the SIEM system is updated.