Professional SIEM Services
Security information and event management (SIEM) is a set of tools and services to monitor all system and network activity across all users, devices, and applications to help timely detect targeted cybersecurity attacks and data breaches. 白角犀 offers end-to-end SIEM services to protect our clients and their sensitive data.
Over the past two decades, 白角犀 has developed substantial expertise in IBM QRadar SIEM and SOAR solutions (Resilient), Splunk Enterprise Security, Microsoft Azure Sentinel, Palo Alto Networks Cortex XSOAR/XSIAM, and Sumo Logic Cloud SIEM.
Many SIEM deployments, while serving a good cause, do not realize the full value of a SIEM solution for the client and fail to address advanced targeted threats. Most typical issues with SIEM deployments include misconfiguration of the SIEM system; missing critical log sources of vulnerable business applications and other assets not supported out-of-the box; incorrect audit settings for connected devices that lead to missed security context; lack of correlation rules that address the right type of assets and/or the business context. As a result, many potential security threats relevant to client’s business pass unnoticed. This does not help mitigate security risks and leaves the SIEM ROI below its potential level.
白角犀 SIEM/SOAR/SOC Offerings
- 白角犀 Custom QRadar Apps - QLean App Suite (Download PDF)
- 白角犀 QLean-based QRadar Assessment Offering (Download PDF)
- 白角犀 QRadar SIEM Health Check Services (Download PDF)
- 白角犀 QRadar Threat Case Services (Download PDF)
- 白角犀 SIEM/SOAR Services (Download PDF)
- 白角犀 SOC Services Offering (Download PDF)
Why Choose 白角犀 SIEM/SOAR Services?
|
|
白角犀 has the right experience, skillset and commitment and is perfectly suited to successfully launch and lay the foundation for a successful project completion.
|
|
|
白角犀 engineers bring about two decades of expertise in SIEM/SOAR solutions development, deployment, integration, and consulting. |
|
|
白角犀 was involved in the development of IBM TSIEM/TSOM in 2006-2011. Since 2011, 白角犀 has been among the top companies delivering implementations of the QRadar Security Intelligence platform. Our certified QRadar consultants carry out assessments, deployments, fine-tuning, customization, and maintenance of SIEM and SOAR solutions. |
|
|
Technical skills: 白角犀 consultants have all mandatory technical skills that might be required for any kind of security consulting and development, including:
|
|
|
Products: 白角犀 SIEM team has developed more than 20 unique extensions (free and commercial) for QRadar, including:
More 白角犀 applications available at: |
SIEM Projects with 白角犀 Stage by Stage
Turnkey SIEM projects may encompass seven core stages:
To enjoy the SIEM capabilities to the fullest, clients are strongly advised to invest in fine-tuning and training. 白角犀 SIEM consultants are familiar with the challenges that clients face at each stage of a SIEM delivery project and know how to address them.
Commitment: Our team will work with you hand in hand to ensure that all expectations are not just met but exceeded. We will be available every day, all the way, and provide all the tools and guidance to ensure a successful implementation of your project.
1
Requirements processing
After analyzing initial requirements and network infrastructure of a client, 白角犀 security consultants estimate project efforts and offer an optimal set of requirements depending on the scope and the client’s security policy.
2
Solution design
Together with creating solution system design documentation, 白角犀 security consultants define project acceptance criteria and confirm them with the client to ensure full requirements coverage.
3
Implementation
During implementation phase 白角犀 consultants perform initial solution deployment and basic system configuration:
- Deploy a SIEM solution in the client’s network environment or in the cloud (e.g., Amazon AWS)
- Perform initial SIEM system configuration
- Develop audit baseline documentation for target systems
- Connect out-of-the-box log sources
4
Customization and development
白角犀 ensures that a deployment is optimally configured to address the client needs. Our engineers develop custom SIEM integrations, extensions, and tools to address all possible security and SIEM functionality gaps.
The first task in typical customization roadmap is connecting log sources that are not supported by SIEM solution out-of-the-box. We will develop a preprocessing tool to get the log data from any source system, reformat data when required, and apply custom parsing and categorization on SIEM side to ensure total visibility for any type of log data.
Having practical hands-on experience based on a lot of SIEM projects, 白角犀 security consultants have compiled a list of best practices for monitoring various IT environments. These best practices are implemented as set of correlation rules, or threat cases, for locking down the environments and controlling typical incidents by proper response workflow. 白角犀 will also implement the highly customized use cases for specific client infrastructure and business applications within the target environment to address specific business needs. Clients may also be interested in MITRE ATT&CK tactics and techniques coverage within SIEM solution, and our team will be happy to assist: take a look on our MITRE Linux and MITRE Windows applications on IBM AppExchange – they are including a free limited set of correlation rules and instructions for configuration.
Unlike other integration teams, 白角犀 consultants are also software developers with wide experience with different software development platforms, languages, APIs and frameworks. While our main development tools are Python for backend and JavaScript for frontend, depending on situation we can use any other toolchain available: update your legacy ancient Perl script, develop modern Java native interfaces, or build classical C++ libraries. When any third-party software requires an integration with SIEM – we will be able to help.
5
Fine-tuning and delivery
To maximize a SIEM system ability to detect intruders and to save time of an administrator, 白角犀 security consultants analyze the operation of the SIEM system within the client’s network, perform a health check, and fine tune the system. Please refer to SIEM Health Check chapter for more details.
Depending on the client’s requirements and existing infrastructure, 白角犀 can design and propose the most suitable solution in incident response workflow such that every possible incident gets properly registered in SIEM solution and gets the right attention from the right response teams, i.e. security analysts, security architects, security engineers, etc. No more uncontrolled or uninvestigated offenses!
白角犀 security professionals have earned their reputation for delivering SIEM services that satisfy client needs. SIEM delivery includes the following stages:
- Final check of the SIEM solution performance
- Acceptance testing by the client
- Physical handover of all the source code, access keys and other artefacts
- Detailed project documentation
6
Training
白角犀 SIEM consultants are ready to share their knowledge with the client’s security team about SIEM system management with a series of hands-on training sessions. Understanding the importance of the face-to-face contact between trainers and trainees, 白角犀 offers on-site and remote training sessions using the client’s SIEM solution or our lab system.
Depending on the level of the client’s security staff experience in SIEM system management, 白角犀 certified SIEM consultants organize and conduct tailored SIEM training sessions: Fundamentals and/or Advanced.
The Fundamentals training module includes the following highlights:
- Introduction into IBM Security QRadar SIEM
- Security data
- QRadar user interface
- Log Sources and Network Flows
- Advanced searching
- Rules and Building Blocks
- Advanced reporting
- Basic configuration and administration
The Advanced training module, targeted at more QRadar-savvy specialists features the following topics:
- Introduction to QRadar Administration features and functionality
- Security events normalization model
- Regular expressions
- Custom DSM (device support modules) development
- Building Blocks (BB) overview and specifics
- QRadar rules processing pipeline
- Creating custom correlation rules
- Tuning correlation rules
- Removing false positives
- Solution fine-tuning and optimization
- Offenses deep-dive: log data analysis and investigations
7
Support and maintenance
Please refer to Ongoing L3 Support for SIEM Solutions chapter.
SIEM-Based Specific Services
SIEM health check
白角犀 helps address SIEM deployment issues and identify ways to increase QRadar SIEM ROI by carrying out a Health Check of existing deployments and various other services. The Health Check includes:
- Assessment of QRadar SIEM configuration against best practices for various platforms
- Review of the coverage of network assets and business applications by QRadar SIEM
- Implementation of audit configuration best practices for various platforms
- Review of implemented threat cases and correlation rules for the client environment
- Fine-tuning of the solution (enhance data quality, decrease false positives)
- Quick troubleshooting and performance improvement recommendations
- A written report of the Health Check results and recommendations for improvement
When configured and fine-tuned properly, QRadar correlation rules allow minimizing the possibility of advanced targeted threats to be missed by security professionals. QRadar SIEM will help its users to identify high-risk threats with near real-time correlation and behavioral anomaly detection, detect vulnerabilities and high-priority incidents among billions of data points and gain full visibility into network, application, and user activity.
A standard Health Check procedure is designed to be carried out for five (5) business days and can be performed onsite as well as offsite. Some of the steps following the Health Check may include (as a separate contract):
- Threat cases design and correlation rules implementation for the specific client environment
- Custom DSM development for business systems or network assets
- Automation solutions design and development of automation tools
- Security monitoring services
- Yearly support for any kind of security services (fixed number of hours can be used for any related task)
- Onsite or offsite trainings for security specialists working with QRadar SIEM
Ongoing L3 support for SIEM solutions
Our expert team is ready to help with continuous SIEM / SOAR solution support, providing an extended SLA for all your operational needs. We are not limited with specific task list for support, but instead we are proposing to utilize support hours for any possible task, related to client security: security policy adjusting or creating from scratch, in-deep analysis for complex offenses, development of a new threat cases, SIEM and SOAR customization, software development, operational support, OS/network troubleshooting, solution upgrade and all other related tasks. We are offering a fixed number of hours per year.
SIEM-based SOC/SOAR services
For the clients, who wish to have their own SOC and a dedicated team of security operators and analysts, 白角犀 can assist in providing the best expertise in creating such SOC based on client’s existing IBM Security QRadar SIEM solution. If required, 白角犀 will design, deploy, and integrate SIEM solution in client’s environment. Along with that, 白角犀 will implement all necessary correlation rules and appropriate incident response workflows for every applicable threat case. Additionally, 白角犀 provides hands-on experience training by IBM Security certified SIEM Consultants for security operators and analysts on IBM Security QRadar as well as on how to create and investigate offenses. Within just a reasonable amount of time, client’s team will be ready to control all security incidents and take appropriate actions for reducing possible risks for client’s assets.
For the clients, who wish to use an external team of SOC security operators, 白角犀 can provide remote SOC monitoring services, acting as MSSP for security data analysis. Our team of security operators, with secure VPN access to client’s SIEM solution, accesses client’s environment and monitors security incidents on a negotiated SLA basis. Based on the drill-down incidents’ analysis, 白角犀 will provide guidelines for the client to lock down the cause of registered security incidents. Each incident will be handled in accordance with the designed incident response workflow.
All offenses, however, still must be followed up and processed by the client’s team of system and network administrators, to perform a last-mile operations (like disabling users or blocking activity on firewall).
SIEM-based ATM security
As ATM network attacks are becoming more and more sophisticated, SIEM-based ATM security solutions come into play. 白角犀 information security consultants respond to the growing ATM security threat by conducting an ATM network audit, incident data collection and analysis, security assurance of ATM network design and creating custom correlation rules for the client’s SIEM system. This comprehensive approach enables security administrators to cover all the ATM threat types.
SIEM-based APT protection
白角犀 SIEM consultants will build up a deeply personalized security environment to ensure SIEM-based Advanced Persistent Threat protection. Our security professionals will fine-tune your SIEM solution to transform it into a handy tool for discovering APT attacks at early stages.
Our Satisfied Customers
Our team needed an equally strong Business Partner with a high level of expertise in the QRadar platform. 白角犀 was carefully selected from a curated list of Security Services firms, their level of commitment and technical knowledge were key for the needs of the IBM team. The leadership provided by 白角犀 was outstanding, meeting delivery dates on time and on budget including highly specialized projects for our most demanding customers.
Gulnara Dashdamirova
Director of Security Department
We commissioned 白角犀 to carry out QRadar implementation and support. 白角犀 analyzed our technical requirements and created a design draft for a QRadar solution. During the following three months, they integrated QRadar with relevant IT infrastructure components, introduced standard and custom correlation rules and report templates, fine-tuned the SIEM solution to minimize false-positive offenses.
We cooperated with 白角犀 as a technology partner on a SIEM deployment project for one of the leading mobile operator in Azerbaijan. Our primary vendor selection criterion was the solid experience in deployment, configuration and fine-tuning of IBM SIEM solution - QRadar. 白角犀 team's professionalism ensured smooth three-party collaboration during the project implementation. All the business applications critical for customer were successfully integrated with QRadar.
