Unlocking Potential - Maturing the SIEM from Basic to Advanced Capabilities presented at BSidesPhiladelphia 2019

by John Ehring

Summary: Security Information and Event Monitoring (SIEM) is an expensive, complex undertaking without transparent business value. Despite these challenges, most modern cybersecurity organizations recognize the need for enterprise-wide visibility to empower incident responders to detect, mitigate, and recover from cybersecurity events. But even with the need for SIEM established, organizations routinely fail to realize the full potential of SIEM capabilities -- often failing to get the basics right. As a result, SIEM operations can often look to business leaders like an expensive cost center which doesn’t drive business value. In this talk, we will discuss the full spectrum of SIEM maturity and explore what you should look for when choosing a modern SIEM, the resources required to build and improve it and how to communicate the value to your business. By the end of this talk, I hope you will have a better understanding of SIEM maturity levels and be able to identify some clear next steps for how to augment the capabilities of your SIEM implementation, increase effectiveness of SIEM operations, and demonstrate the value SIEM provides to your organization.