We need to review our security strategy. Currently we use a service provider to provide SIEM and SOC services. They use ManageEngine and ObserveIT. They also patch and upgrade our endpoints. Trend Vision One is the foundation on which we have built our endpoint protection. With all the new Microsoft Security products and AI on offer: (A) Should we replace or augment? (B) What do you use to administer the landscape from a single pane of glass? Both our Trend and managed security service contracts are due to expire. (C) What gotchas do we need to look out for if we decide to replace / retire any of the existing tools in our environment?

Sr Software Principal Engineer (Gen AI and ML Security) in Hardware, 5 months ago

THREAT MODEL!
Nothing ever works if you don't have a clear picture of potential threat areas! Start from there and then explore tools in the market that offer the closest. Or work with your existing vendor and ask them to provide a detailed threat assessment and current coverage!
All the best!

Group Director of Information Security in Banking, 6 months ago

This is a good chance to reframe your operating model with service providers. 
Create a list of key performance and risk indicators that you/your CEO/your board will be interested to see. Identify source tools / technologies where you can grab data for each of these KRIs/KPIs. Then, hand it over to your SIEM/SOC service provider, for them to provide those to you in the form of a CISO dashboard. You should optimally not care about how they grab and correlate those KRIs, whether using ManageEngine, Microsoft Sentinel, etc. If you own the security tools (like Trend Micro, ManageEngine, etc.), you should look into options of either changing them to ones inbuilt into your licenses (like MS E3, E5, etc.) or changing them to a subscription model. Make your service provider own the tools as much as feasible while you only define your needs from them.
