As a Managed Security Services Provider, we operate complex customer environments from three different security operations centers and staff those facilities with Mosaic 451 Cyber Security Operators. Our design goal for the Next Generation SIEM is to automate as much of the security operations center workload as we can and to save you up to 50% on your SIEM licensing budget.
M451 has developed the Next Generation SIEM (NGS) on the AWS Serverless catalog for Big Data. We are using S3 and Glacier for storage, Athena for SQL queries, Glue for extract, transform and load (ETL) of the log data, and QuickSight for visualization. DynamoDB is used for key event and alarm storage, with an Amazon Redshift security data warehouse for long-term security analytics. Lambda is used for a variety of function tasks: event correlation, indicator-of-compromise (IoC) alarms, and pipeline processing for ETL.
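An added illustration (not Mosaic 451's code) of the Lambda ETL and IoC-alarm step described above: it normalizes constructed firewall log lines into Hive-style partitions of newline-delimited JSON, the layout Glue and Athena consume, and raises an alarm when a destination matches a constructed IoC list. The S3 trigger, the boto3 calls and the DynamoDB/S3 source of the IoC list are assumed and left out.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: firewall lines as they might land in the raw S3 bucket.
SAMPLE_LOG = """\
2024-05-01T12:00:01Z fw01 DENY src=10.0.0.5 dst=203.0.113.9 dport=443
2024-05-01T12:00:02Z fw01 ALLOW src=10.0.0.7 dst=198.51.100.20 dport=80
2024-05-01T12:00:03Z fw01 ALLOW src=10.0.0.5 dst=203.0.113.9 dport=22
"""

# Constructed IoC set (hypothetical); the pipeline would load it from DynamoDB/S3.
IOC_IPS = {"203.0.113.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse_line(line):
    """Normalize one raw line into a flat record; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def partition_key(rec):
    """Hive-style partition path, the layout Glue crawlers and Athena expect."""
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return f"year={ts.year}/month={ts.month:02d}/day={ts.day:02d}/hour={ts.hour:02d}"

def transform(raw_text, iocs=IOC_IPS):
    """ETL step: returns (records grouped by partition, IoC alarms).
    An alarm is raised for any record whose dst is a known-bad IP, even if DENY."""
    partitions, alarms = {}, []
    for line in raw_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently mangled
        partitions.setdefault(partition_key(rec), []).append(rec)
        if rec["dst"] in iocs:
            alarms.append({"ts": rec["ts"], "host": rec["host"], "src": rec["src"], "ioc": rec["dst"]})
    return partitions, alarms

def to_ndjson(records):
    """Athena reads newline-delimited JSON: one object per line."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"
```

Each partition's NDJSON string is what the Lambda would write to S3 under that partition prefix, and each alarm is what it would put into DynamoDB.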
AWS SageMaker machine learning is used for anomaly detection, malware analysis and network traffic analysis: log data is labeled for the target analysis or detection use case, and those labeled data sets are used to train and deploy the models.
We are using the Center for Internet Security (CIS) Top 20 Controls, a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense.
In addition, we are using MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™). This is a catalog of techniques and tactics that describe post-compromise adversary behavior in typical enterprise IT environments. The core use cases involve using the catalog to analyze, triage, compare, describe, relate, and share post-compromise adversary behavior.
These industry frameworks provide the guidance to design and automate a low-cost data lake for security analytics using the best of the AWS Big Data catalog.
This solution can be up and running in your AWS account in less than 30 minutes, and we can manage it for you or build a custom SIEM in your own AWS account. For more information on the NextGen SIEM, please contact our sales team. Click here to download the Next Generation SIEM Debrief.