Professional services and outsourcing are essential components in getting a SIEM up, stable, and running. However, after this is accomplished, the Blue Team will need to focus on tailoring the SIEM to the very specific needs of the organization. At this stage, either well-trained internal staff or external specialized service teams may be required.
Instead of focusing on the initial SIEM design and implementation phase, going through the 2nd stage of SIEM maturity requires switching to implementing advanced security use cases and detecting real-world attack tactics. While the distinction seems small, it can be quite significant.
Join this webcast to hear Justin Henderson and John Hubbard as they explain how you can successfully make this transition.
Learn more about SANS new resources for SIEM including SIEM courses SEC455 'and 'SEC555.
SIEM Webcast Series: How to Avoid the Most Common SIEM Implementation Mistakes