SIEM and Log Management Service Offerings
Elastic provides today’s most cost-effective, performant and technologically advanced alternative to legacy SIEM and log management products. But when enterprises consider replacing their legacy SIEM with Elastic, they often encounter a common obstacle: long-term staffing pressures and lack of technical expertise.
Even medium and large enterprises struggle to find personnel who combine the SIEM and Elastic experience required to carry out such a significant modernization. Even with Elastic's ease of use and advanced technology, converting from a legacy SIEM is still a major undertaking.
Mature SIEM Implementation
To meet the needs of large and medium-sized enterprise clients, SEMplicity has two professional service offerings: Log Management Modernization and SIEM Modernization. The Log Management Modernization offering builds the first two (or three) levels of the SIEM pyramid; the SIEM Modernization offering builds the higher levels.
SEMplicity is an Elastic partner with experience implementing Elastic for the security analytics use case at the very largest clients. SEMplicity also has 10+ years of expertise implementing, customizing and managing legacy SIEMs, including Micro Focus ArcSight, and can handle the most complex and customized SIEM conversions and augmentations.
Log Management Modernization
Reliable, parsed, highly scalable storage and fast searching of log records is the foundation of any SIEM modernization effort. It is the base of our pyramid, supporting all higher-level functionality.
- Business requirements, needs analysis, sizing documents, system design and architecture
- Appropriately sized on-prem implementation using Elastic Cloud Enterprise, Logstash and Kibana
- Logstash parsers for the designated log sources, or for logs already normalized to an existing standard such as CEF
- All designated logs stored and searchable in Elastic
- Log enrichment with threat intelligence information
- Optional log enrichment with identity and network information
- SEMplicity Elastic Evidentiary Log Storage (SEELS) for sensitive compliance logs (if required)
- Dashboards showing executive metrics on logs storage, search times, etc.
- Reports converted from legacy log management platform, as well as new reports and visualizations defined by the client
- User documentation on searching logs and using Kibana
- As-built and roadmap documentation on how to scale the deployment
SIEM Modernization
Modern security event detection involves both correlation and anomaly detection. Our SIEM Modernization offering delivers both.
- Business requirements, sizing, design and architecture documents
- Converted legacy SIEM content, including correlation rules, reports and dashboards
- New long-range correlation rules and visualizations, leveraging logs enriched with threat intelligence, identity information and other client-specific information
- Dashboards for incident response and analyst research
- Machine-learning jobs to detect anomalies, with corresponding dashboards
- Dashboards showing executive metrics on correlation and anomaly detection activities
- User documentation on all delivered features
- Standard Operating Procedures (SOPs) for all alerts
- As-built and roadmap documentation on how to scale the deployment upwards to handle additional volume and use cases
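The example below is an added illustration, not SEMplicity's or Elastic's code, of what the two deliverable lists above produce end to end: the Log Management Modernization steps (parsing CEF-formatted logs and enriching them with threat-intelligence and identity information) and the SIEM Modernization step that builds on them (a long-range correlation rule that fires on a burst of failed logins followed by a success from the same source, with severity raised when the enriched fields show a threat-intel match or a privileged account). In a real deployment the parsing would live in Logstash (for instance its cef codec), the enrichment in Logstash filters or ingest pipelines, and the rule in Elastic Security; this self-contained Python script stands in for those components. All log lines, signature IDs, indicator values and the identity directory are constructed for the example, and the threshold and window are assumptions.

```python
"""Added example: parse CEF, enrich with threat intel and identity data, then correlate.
Not SEMplicity's or Elastic's code; all sample data below is constructed."""
import re
from collections import defaultdict

# Constructed threat-intelligence indicators keyed by source IP (not a real feed).
THREAT_INTEL = {
    "198.51.100.23": {"feed": "constructed-feed", "tag": "credential-stuffing"},
}
# Constructed identity directory, standing in for an AD/LDAP lookup.
IDENTITY = {
    "alice": {"department": "finance", "privileged": False},
    "svc_backup": {"department": "it", "privileged": True},
}
# Constructed CEF records. rt is receipt time in epoch milliseconds.
# The last record has an escaped pipe in the header; the fifth has an escaped '=' in msg.
SAMPLE_LOGS = [
    r"CEF:0|ExampleVendor|AuthServer|2.1|100|Login failed|5|rt=1709460000000 src=198.51.100.23 suser=alice outcome=failure msg=bad password",
    r"CEF:0|ExampleVendor|AuthServer|2.1|100|Login failed|5|rt=1709460060000 src=198.51.100.23 suser=alice outcome=failure msg=bad password",
    r"CEF:0|ExampleVendor|AuthServer|2.1|100|Login failed|5|rt=1709460120000 src=198.51.100.23 suser=alice outcome=failure msg=bad password",
    r"CEF:0|ExampleVendor|AuthServer|2.1|101|Login succeeded|3|rt=1709460180000 src=198.51.100.23 suser=alice outcome=success",
    r"CEF:0|ExampleVendor|AuthServer|2.1|100|Login failed|5|rt=1709460200000 src=203.0.113.9 suser=svc_backup outcome=failure msg=expired key \= rotated",
    r"CEF:0|Example\|Vendor|AuthServer|2.1|101|Login succeeded|3|rt=1709460300000 src=203.0.113.9 suser=svc_backup outcome=success",
]

# A CEF header field is any run of characters that contains no unescaped pipe.
HEADER_FIELD = r"((?:\\.|[^|\\])*)"
CEF_RE = re.compile(r"^CEF:(\d+)\|" + r"\|".join([HEADER_FIELD] * 6) + r"\|(.*)$")
HEADER_NAMES = ("device_vendor", "device_product", "device_version",
                "signature_id", "name", "severity")


def _unescape(value, specials):
    """Remove CEF backslash escapes for the given special characters."""
    return re.sub(r"\\([%s])" % re.escape(specials), r"\1", value)


def parse_cef(line):
    """Parse one CEF record into a flat dict of header and extension fields."""
    match = CEF_RE.match(line)
    if not match:
        raise ValueError("not a CEF record: %r" % line)
    groups = match.groups()
    event = {"cef_version": int(groups[0])}
    for name, raw in zip(HEADER_NAMES, groups[1:7]):
        event[name] = _unescape(raw, "|\\")
    # Extension values may contain spaces, so split only before the next key=.
    for part in re.split(r"\s+(?=\w+=)", groups[7].strip()):
        key, _, raw = part.partition("=")
        if key:
            event[key] = _unescape(raw, "=\\")
    return event


def enrich(event):
    """Attach threat-intel and identity context to a parsed event (in place)."""
    if event.get("src") in THREAT_INTEL:
        event["threat_match"] = THREAT_INTEL[event["src"]]
    if event.get("suser") in IDENTITY:
        event["identity"] = IDENTITY[event["suser"]]
    return event


FAILURE_THRESHOLD = 3          # assumed tuning value
WINDOW_MS = 10 * 60 * 1000     # assumed 10-minute look-back window


def correlate(events):
    """Rule: at least FAILURE_THRESHOLD failed logins from one source IP within
    WINDOW_MS, followed by a successful login from that IP. Severity is raised
    to high when the source is on the threat-intel list or the account is privileged."""
    failures = defaultdict(list)   # src -> timestamps of failed logins seen so far
    alerts = []
    for ev in sorted(events, key=lambda e: int(e["rt"])):
        ts, src = int(ev["rt"]), ev.get("src")
        if ev.get("outcome") == "failure":
            failures[src].append(ts)
        elif ev.get("outcome") == "success":
            recent = [t for t in failures[src] if ts - t <= WINDOW_MS]
            if len(recent) >= FAILURE_THRESHOLD:
                alert = {"rule": "brute-force-then-success", "src": src,
                         "user": ev.get("suser"), "failures": len(recent),
                         "severity": "medium"}
                if "threat_match" in ev or ev.get("identity", {}).get("privileged"):
                    alert["severity"] = "high"
                alerts.append(alert)
            failures[src].clear()   # a success ends the sequence for this source
    return alerts


def run(lines=SAMPLE_LOGS):
    """Parse and enrich the lines, then return (events, alerts)."""
    events = [enrich(parse_cef(line)) for line in lines]
    return events, correlate(events)


if __name__ == "__main__":
    parsed, fired = run()
    for alert in fired:
        print(alert)
```

Running the script prints a single high-severity alert for 198.51.100.23 (three failures then a success, and the source is on the constructed indicator list); svc_backup produces no alert because only one failure precedes its success. The same logic maps onto a production stack as a Logstash parse stage, enrichment lookups, and a detection rule whose threshold and window are the tunables an SOP should document.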