SIEM audit with MITRE ATT&CK coverage
All detections aligned to MITRE ATT&CK™
Our mission is to maximize the value of the technology your company has already invested in. We have expertise in 11 different SIEM platforms, backed by technology alliances. Our team has leveraged MITRE ATT&CK since 2016 for the investigation and attribution of the BlackEnergy, WannaCry and NotPetya campaigns. We deliver audit results in days to Fortune-100 and Forbes 2000 organizations. We are ready to help you align your cyber defenses to ATT&CK.
Fundamentally different experience, not consulting
Our delivery methodology is open and backed by cutting-edge technology. We provide an automated audit of your SIEM deployment combined with a manual review by our seasoned Threat Hunting and Incident Response team. Deliverables include an executive report, a technical report and a detailed spreadsheet structured by ATT&CK tactic. The report outlines gaps in log sources, data quality issues and detection rule coverage, with recommendations to address each of them. Links to recommended community and exclusive SIEM content are included for correlation rules and queries, Sigma rules, SOC-ready dashboards and Machine Learning models.
Maximize the outcomes at groundbreaking speed
We received an extensive audit of our massive SIEM installation, including hundreds of log collectors and tens of thousands of devices, within 3 business days. Every log source issue was covered with a solution provided. No other vendor we talked to in the last 24 months could propose anything that is even remotely close. Outstanding work.
Information Security Manager, Fortune-100 international company with 50,000+ employees.
> 10 000 devices
100+ log collectors
< 3 days
Automation that scales beyond borders
Our core technology performs automated analysis of Elastic Stack, ArcSight, QRadar and Splunk deployments and compares the results with the MITRE ATT&CK taxonomy. Afterwards our security experts build the coverage for threat actors, tools and techniques by mapping the specifics of your SIEM deployment to the world's largest SOC content repository, the Threat Detection Marketplace. This is done in a semi-automated fashion to ensure that important details are not missed. On-site delivery is available in the US by SOC Prime engineers directly and in the UK by our strategic partner Satisnet. Remote delivery is available worldwide. The scope is flexible: go as focused as verifying a particular actor or tool hypothesis, or dive deep on every tactic and technique across every log source you have.
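To make the comparison described above concrete, here is a small Python script added to this page as an illustration; it is not SOC Prime's tooling, and the rule set, log source inventory, ATT&CK excerpt and actor hypothesis in it are all constructed for the example. It reads Sigma-style rule metadata (the `logsource` block and `attack.*` tags), rolls sub-techniques up to their parent technique, and separates the three findings an audit report distinguishes: techniques covered by a rule whose log source is actually onboarded, rules that exist but can never fire because their log source is missing from the SIEM, and tactics with no effective coverage at all. A final function scores a technique list against the result, which is the "verify a particular actor or tool hypothesis" scope in its simplest form.

```python
"""Illustrative ATT&CK coverage audit over SIEM detection content.

Added example, not part of the original page or of any vendor's product.
All inputs below are constructed for the demonstration.
"""
import re
from collections import defaultdict

# Constructed excerpt of the ATT&CK technique -> tactic(s) matrix.
# (Technique/tactic pairings are real; the excerpt is deliberately tiny.)
TECHNIQUE_TACTICS = {
    "T1059": ("execution",),
    "T1053": ("execution", "persistence", "privilege-escalation"),
    "T1003": ("credential-access",),
    "T1021": ("lateral-movement",),
    "T1566": ("initial-access",),
    "T1486": ("impact",),
}

# Constructed sample of the detection content found in a SIEM, expressed as
# Sigma-style metadata: each rule names its log source and its attack.* tags.
RULES = [
    {"title": "Suspicious PowerShell Encoded Command",
     "logsource": {"product": "windows", "service": "powershell"},
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "LSASS Memory Access",
     "logsource": {"product": "windows", "service": "sysmon"},
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "Scheduled Task Creation via schtasks",
     "logsource": {"product": "windows", "category": "process_creation"},
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "Mass File Rename by Single Process",
     "logsource": {"product": "windows", "category": "file_event"},
     "tags": ["attack.impact", "attack.t1486"]},
]

# Constructed inventory of log sources actually onboarded in the SIEM, as an
# audit would recover it from collector and index configuration. Note that
# Sysmon and file-event telemetry are NOT onboarded.
ONBOARDED_LOGSOURCES = {
    ("windows", "process_creation"),
    ("windows", "powershell"),
}

# attack.t1059 or attack.t1059.001 -> parent technique T1059
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4})(?:\.\d{3})?$")


def parent_technique(tags):
    """Return the parent ATT&CK technique ID carried by a rule's tags, or None."""
    for tag in tags:
        m = TECHNIQUE_TAG.match(tag.lower())
        if m:
            return m.group(1).upper()
    return None


def logsource_key(rule):
    """Reduce a Sigma logsource block to the (product, service-or-category) pair
    that an onboarding inventory is keyed on."""
    ls = rule["logsource"]
    return (ls.get("product"), ls.get("service") or ls.get("category"))


def audit(rules, onboarded, technique_tactics):
    """Compare detection content against the ATT&CK excerpt and the onboarded
    log sources. A rule only counts as coverage when its data actually exists."""
    covered = defaultdict(set)      # tactic -> techniques with an effective rule
    covered_techniques = set()
    blind_rules, blind_techniques, untagged = [], set(), []
    for rule in rules:
        tech = parent_technique(rule["tags"])
        if tech is None:
            untagged.append(rule["title"])          # data quality finding
            continue
        if logsource_key(rule) not in onboarded:
            blind_rules.append(rule["title"])       # log source gap finding
            blind_techniques.add(tech)
            continue
        covered_techniques.add(tech)
        for tactic in technique_tactics.get(tech, ()):
            covered[tactic].add(tech)
    gaps = defaultdict(set)                          # tactic -> uncovered techniques
    for tech, tactics in technique_tactics.items():
        for tactic in tactics:
            if tech not in covered.get(tactic, set()):
                gaps[tactic].add(tech)
    return {
        "covered": dict(covered),
        "covered_techniques": covered_techniques,
        "gaps": dict(gaps),
        "blind_rules": blind_rules,
        "blind_techniques": blind_techniques - covered_techniques,
        "untagged_rules": untagged,
    }


def tactic_coverage(result, technique_tactics):
    """Fraction of techniques per tactic that have an effective rule."""
    totals = defaultdict(int)
    for tactics in technique_tactics.values():
        for tactic in tactics:
            totals[tactic] += 1
    return {t: len(result["covered"].get(t, ())) / n for t, n in totals.items()}


def hypothesis(techniques, result):
    """Score an actor/tool technique list: covered, blind (rule exists but no
    data), or missing (no rule at all)."""
    status = {}
    for tech in techniques:
        if tech in result["covered_techniques"]:
            status[tech] = "covered"
        elif tech in result["blind_techniques"]:
            status[tech] = "blind"
        else:
            status[tech] = "missing"
    return status


if __name__ == "__main__":
    res = audit(RULES, ONBOARDED_LOGSOURCES, TECHNIQUE_TACTICS)
    print("coverage per tactic:", tactic_coverage(res, TECHNIQUE_TACTICS))
    print("rules that can never fire:", res["blind_rules"])
    # Constructed hypothesis: a ransomware-style chain, not any named group's profile.
    print("hypothesis:", hypothesis(["T1566", "T1059", "T1003", "T1486"], res))
```

The distinction between "blind" and "missing" is the one worth carrying into a report: a blind rule is a log source onboarding task, while a missing technique needs new content, and counting blind rules as coverage is the most common way a SIEM's ATT&CK heat map overstates its real visibility.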
SIEM vendor content is good, but only to get started
Some of us have been on the SIEM journey since 2002, and today our team cumulatively has 300+ years of SIEM experience. This is exactly why we are not creating yet another SIEM product, but instead focus on the fundamental challenges of algorithm improvement and data quality. The service, coupled with the look and feel of our products, will help you explore your coverage, expose the gaps and have a practical plan to address them. If you wonder where exactly SIEM vendor stock content has its uses and its limitations, we highly recommend the relevant blog post by Anton Chuvakin on the Gartner blog: https://blogs.gartner.com/anton-chuvakin/2015/12/02/starting-a-siem-project-from-vendor-use-case-content-win-or-fail/
Technological advantage when upgrading to a NextGen SIEM
We are ready to help you with vendor-agnostic and transparent insight into your SIEM and Threat Hunting operations today. And if you have a SIEM migration project coming up, whether to consolidate different technologies or to move to a Next Generation SIEM, we can support you on that challenging journey. An audit may be the starting point, yet the bigger advantage is realized by migrating and refactoring the SIEM content you already have onto the new platform without losing a moment of visibility. We have a proven track record of delivering exactly that to Fortune-100 and Forbes Global 2000 companies in the US and in the EU. SOC Prime is focused on improving your cyber defense capabilities. Let's do this together.