Cybersecurity isn’t an aspect of your business that should be taken lightly. That applies to choosing a partner for managed SIEM (network monitoring) services, too. Managed SIEM providers are sort of like cocktails: two providers can offer a service with the same name but vastly different deliverables. Have you ever had a “margarita” that tasted like jet fuel? When it comes to your company’s cybersecurity, it’s best to really know what you’re ordering. Here are five things to consider when choosing a managed SIEM provider.
1. Do they use a mature SIEM tool to deliver services? Not all SIEM tools are created equal. A mature tool will give a team of analysts and threat hunters more capabilities and allow them to work faster during critical investigations. Using a lower-level tool might save some money, but you will spend more if that cheaper tool misses something and you end up with a real security incident on your hands.
2. Are they willing to be agile with the SIEM tool they choose to work with? The absolute best SIEM tool today may be obsolete in a few years. That’s just the nature of the game, since threat actors are constantly evolving their methods to circumvent existing technologies. Make sure that your company’s security program is able to evolve with them.
3. Do they understand the needs of your business and industry, and know how to tailor their services to your specific needs? No two environments are exactly the same, and different environments have different security needs. A medical company may need additional rules built into its SIEM to meet compliance standards like HIPAA or HITRUST, while a logistics company may not. Be wary of managed SIEM providers that only offer a “one-size-fits-all” SIEM solution, without regard for the ways in which your environment is unique.
4. Do they have knowledgeable staff in place? A mature SIEM tool may have the capability to be powerful, but it still requires an expert to tune it properly and bring out its full potential. In the same way, professional F1 driver Lando Norris would almost certainly be able to coax a much better performance out of his superpowered McLaren 765LT Spider than someone with just a driver’s license. Could that someone drive the McLaren 765LT Spider? Sure. But would you want them behind the wheel in a race, if losing that race means you get breached? Probably not. Make sure your managed SIEM provider has the right drivers on their team.
5. Do they have good processes for performing investigations, communicating with your team, and carrying out remediation? In a crisis, having proper processes in place can be a metaphorical lifesaver. The speed at which a threat is detected, isolated, and remediated can be the difference between a minor incident and a major breach. Your managed SIEM provider should have a formal plan for how to investigate threats, quickly inform your team of any active threats, and begin remediating the threat as quickly as possible.
When you’re ready to take the next step in managed SIEM, let us know. Our team of experts is ready to help you along the way.