Measure Your Threat Management

A practical toolkit to evaluate the threat management capabilities of your enterprise infrastructure. It can also serve as a tactical guide to scoping your threat management needs.


A Security Incident and Event Management (SIEM) system is a very capable toolkit; it is used across industries to achieve a wide range of goals. One of the primary use cases for a SIEM is threat management. To deliver quality threat management, the SIEM and its environment must be tuned and refined. This document lists the essential capabilities required to deliver quality threat management using a SIEM.

This document can be used to scope a threat management project, or to evaluate the features of an existing deployment and then improve the quality of its deliverables. The toolkit also assigns weightings to the various capability requirements, so that features can be evaluated in the right perspective.

Essential Capabilities

The key areas covered in this review worksheet are:

  • Real-time detection capabilities - How well does the system participate in and integrate with detection systems, and is it able to report threats in real time?
  • System and network profile monitoring - Does the system have the capability to integrate with systems and networks in order to evaluate usage patterns and profiles?
  • Incident management and reporting - Can the system provide effective incident handling and management capabilities? Reporting on threats and countermeasures is again a key requirement.
  • Deployment architecture - In which topology scenarios can the system be deployed while still extracting maximum accuracy benefits?
  • The threat correlation process - How does the correlation engine treat threat and contextual data differently from system data, and how accurately is the system able to identify attacks?
  • Threat intelligence - Evaluate the quality and sources of threat intelligence that can be integrated, and how the system can derive its own threat indicators and repurpose them in real time to influence decision-making.
  • Application security monitoring - The capability of the system to integrate with application logic and monitor application threats from within the application environment.

© 2015-2016 All Rights Reserved. NETMONASTERY™ and CNAM™ are registered trademarks of NETMONASTERY NSPL.