We need to review our security strategy. Currently we use a service provider to provide SIEM and SOC services. They use ManageEngine and ObserveIT. They also patch and upgrade our endpoints. Trend Vision One is the foundation on which we have built our endpoint protection. With all the new Microsoft Security products and AI on offer: (A) should we replace or augment? (B) What do you use to administer the landscape from a single pane of glass? Both our Trend and managed security service contracts are due to expire. (C) What gotchas do we need to look out for if we decide to replace / retire any of the existing tools in our environment?

3.6k views, 2 Comments
Sr Software Principal Engineer (Gen AI and ML Security) in Hardware, 6 months ago

THREAT MODEL!
Nothing ever works if you don't have a clear picture of the potential threat areas! Start from there and then explore tools in the market that offer the closest fit. Or work with your existing vendor and ask them to provide a detailed threat assessment and current coverage!
All the best!

Group Director of Information Security in Banking, 6 months ago

This is a good chance to reframe your operating model with service providers.
Create a list of key performance and risk indicators that you / your CEO / your board will be interested to see. Identify the source tools / technologies from which you can grab data for each of these KRIs/KPIs. Then hand it over to your SIEM/SOC service provider, for them to provide those to you in the form of a CISO dashboard. You should optimally not care about how they grab and correlate those KRIs, whether using ManageEngine, Microsoft Sentinel, etc. If you own the security tools (like Trend Micro, ManageEngine, etc.), you should look into options of changing them to either what is built into your licenses (like MS E3, E5, etc.) or a subscription model. Make your service provider own the tools as much as feasible while you only define your needs from them.
