Author: ReZa AdineH
-
A useful concepts for SIEM assessment, implementing a SIEM-CMM: SIEM capability Maturity Model concepts
I. Introduction A. Purpose of the white paper The purpose of this white paper is to provide an overview of the Technical Capability and Maturity Model (CMM) for Security Information and Event Management (SIEM) implementation, and to highlight the importance of SIEM implementation capability and maturity for organizations. B. Definition of SIEM SIEM is a…
-
A quick review on SOAR platforms
Introduction: In recent years, security operations teams have been inundated with a deluge of security alerts and incidents that are difficult to manage and resolve efficiently. As a result, organizations are increasingly turning to Security Orchestration, Automation and Response (SOAR) platforms to help them streamline their security operations and improve their response times. In this…
-
A quick review on SIEM Implementation Technical Capability and Maturity Model
Introduction Security Information and Event Management (SIEM) solutions are essential components of modern cybersecurity architectures. These solutions enable organizations to collect, correlate, and analyze security-related data from various sources, including logs, network traffic, and endpoint devices. By providing real-time threat detection and incident response capabilities, SIEM solutions help organizations protect their assets and data from…
-
A quick review on using AI for malware generation
The use of Artificial Intelligence (AI) in malware generation has been a topic of much discussion in the cybersecurity industry. While AI has the potential to revolutionize the way malware is created, it also has the potential to create even more sophisticated and devastating cyber attacks. One of the main benefits of using AI in…
-
SIEM Solutions: A Guide to Proper Capacity Management
Abstract: The security information and event management (SIEM) solution is a critical component for any organization’s security posture. It enables the organization to collect, analyze, and correlate data from various sources to detect and respond to security incidents. However, choosing the right SIEM solution can be a daunting task, especially when it comes to capacity…
-
OSINT against Threats
Introduction: Open Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available information to gain insights into a particular subject or entity. In the realm of cybersecurity, OSINT can be an incredibly useful tool for threat hunting. By using OSINT, security teams can gather information about potential threats, including information about vulnerabilities, attacker…
-
Using Threat Intelligence to Conduct Effective Threat Hunting
Introduction Threat hunting is a proactive approach to detecting and responding to advanced cyber threats. The goal of threat hunting is to identify and mitigate potential threats before they can cause harm to an organization’s assets. Threat intelligence is an essential component of effective threat hunting. This white paper will explore the role of threat…
-
Use the SOC CMM as a baseline for assessment of the right SIEM you might need to consider
here is another approaches to use for assessment of the right SIEM product based on SOC-CMM approaches. There are 3 main categories to consider: 1-The basic and fundamental features of the SIEM 2-The security analytics requirement 3-The automation and orchestration requirement In the below table we can see the table of topics to consider for…
-
SIEM Assessment via Yes, No approaches
In many cases lots of companies need to assess the right product for using as the right tools as Security Incident and Event Management tools (SIEM), that is considered as the core product of the Security Operations Center (SOC). here there are 4 main general category to consider yes no questions. This approaches is the…
ReZaAdineH 