sarlacpit
Newcomer I

Do I need a SOC?

A company has recently undergone an exponential growth to 500 employees.

Everyone works from home and uses a cloud based solution for email and documents.

Needless to say, things are in a bit of a mess and need straightening up.


I was asked if they needed a SIEM.


This sparked many thoughts, before they employ a SIEM - They need to have things in place otherwise money will be wasted and no real value will be gained.


1. Asset management and data classification (inc. supplier assessments)

2. Threat modelling (prioritisation)

3. Risk assessments

From there they can look at what they would like to ingest and make use of.


I am sure that there are other things to be considered before deciding if a SIEM is appropriate and would appreciate any input.

Thanks in advance

2 Replies
Early_Adopter
Community Champion

Before a SOC, or a SIEM, or any other bits and bobs, do they have appropriate policies? Particularly with regards to OS, user and application logs? I’d say getting the first cut of a boilerplate policy they can use as a template/guide for their market, vertical and country should be very high priority. They could also write their own, but they seem to be deep in the tooling weeds.

I’d agree with your asset register/CMDB as one to start with as well, but you might find starting classification, threat modelling and risk assessment tricky without an appropriate policy framework (also, their local privacy and other regulations dictate what you can and can’t collect/do).

Some opinion from me but as a first step I’d get a basic, rough cut security policy first if it’s not there.

sarlacpit
Newcomer I

Thanks, that's a really good point.