Many organizations struggle with their SIEM/SOC security monitoring and detection systems. The initial setup is costly and difficult, and at first the system generates either a large number of alerts or none at all.
After fine-tuning the use cases, the system becomes easier to manage and the number of false positives decreases. However, it is difficult to know whether the systems see the events you want to know about. When a Security Operations Center (SOC) does not alert you to any security events, it could be that no security events are taking place. It could also mean that the Security Incident Event Management (SIEM) solution is malfunctioning or that certain attacks are outside its detection capabilities.
To evaluate and test the detective capabilities of a SIEM, Secura uses a test platform named PurpleBox to (continuously) test and verify the functioning of the SIEM and to provide assurance that actual threats will not go unnoticed.
How confident are you that your SIEM detects important security events?
This test platform is offered as an integral part of the SIEM/SOC service. Based on your use cases, infrastructure and third-party hardware and software, our consultants will install, configure and tailor the test to your technology stack and requirements. Next, together with your team, Secura will execute the use cases one by one, store them in PurpleBox, and verify that the alarms are correctly triggered in your SIEM/SOC. Any missing alert is analyzed in detail by using PurpleBox to continuously execute a specific use case. Our SIEM/SOC service provides direct and actionable insight into your SIEM/SOC detection capabilities.