Large Scale SIEM Implementation

Banking client
Karlsruhe, Germany

Brief:

A major German IT banking provider needed to harmonize its heterogeneous cybersecurity monitoring environment into a centralized SIEM solution. Specifically, the request focused on connecting more than 40,000 assets to the newly established central SIEM and developing more than 380 platform-specific use cases.

BxC was asked to lead the implementation of this centralized SIEM solution in order to provide holistic coverage with essential SIEM use case controls.

Key figures:

3-year project runtime

380+ platform-specific use cases

40,000+ log sources

Activities:

TECHNICAL PROJECT MANAGEMENT AND PROJECT LEAD

BxC restructured the existing agile-only project approach into a hybrid model, combining comprehensive, timeline-focused waterfall project planning with agile methodologies wherever possible.

COORDINATION OF SYSTEM CONNECTIONS

As part of the migration efforts, BxC handled and structured the communication with the new solution provider. The aim was to ensure adequate support during the migration, to limit the workload of the client's administrative team, and to run workshops across the involved business units so that all cross-business-unit topics were addressed and communicated proactively.

COORDINATION OF USE CASE DEVELOPMENT

BxC managed the development of more than 380 platform-specific SIEM cybersecurity use cases based on the MITRE ATT&CK framework, working with a multi-vendor team of up to 18 security analysts and use case developers.

Results:

Since the initial involvement of BxC, the maturity of the OT security incident detection and response has increased, and it has become a permanent improvement activity for the operational teams. Several achievements can be listed:

Harmonization of the existing logging and monitoring infrastructure into a central solution

More than 380 platform-specific use cases implemented

More than 40,000 log sources connected following a harmonized logging approach and streamlined technologies

Long-term improvement of the overall detection and response capabilities based on improved visibility and transparency