RSI Security recently partnered with Sumo Logic for a LinkedIn Live event about managed security information and event management (SIEM) services. RSI Security’s Senior Marketing Coordinator, Nico Giatrelis, kicked us off and introduced the co-hosts from each organization:
- Chad Martin, Technical Operations Manager at RSI Security, is CAPM and HDI SCM certified and has over 20 years of experience in IT and telecommunications services.
- Seth Williams, Partner Architect at Sumo Logic, has 17 years of experience across information systems and technology, including 10 years in cybersecurity specifically.
Seth and Chad discussed effective security information event management—what role data analytics play and what some real-world considerations are for cybersecurity teams.
What is Managed SIEM?
Security information and event management (SIEM), sometimes expanded as security incident and event management, is the practice of collecting and monitoring all security-relevant information across an IT infrastructure and addressing anomalies as soon as they appear. Managed SIEM is a service offering in which providers, like RSI Security, oversee all elements of the SIEM process through SIEM security tools on the client's behalf.
RSI Security’s SIEM solutions, in particular, are powered by the Sumo Logic platform. One of the first points Chad and Seth talked about was what SIEM looks like in an RSI engagement.
Chad explained that RSI Security treats every client organization’s IT and security systems as unique. We prioritize establishing a robust business understanding of our clients, which ensures that we’re monitoring the exact assets we need to be, with the right focus and emphasis, to meet our clients’ needs and best interests. Sumo Logic empowers us to make actionable decisions on the data and, importantly, ensure we’re tailoring our recommendations to what matters most to our clients.
As Seth noted, it’s a holistic, consultative approach to SIEM.
How Data Analytics Powers SIEM
Seth went on to explain exactly what Sumo Logic is and how it empowers these deep, impactful insights for SIEM cybersecurity. Sumo Logic is a log analytics platform. It enables functions like dashboard creation and querying across a wide variety of data, including raw and unstructured information. But it also allows for greater analytical manipulation by way of correlation engines.
These processes, together, allow service providers and clients alike to extract the most in-depth insights from their data, making actionable and powerful decisions for efficient, impactful SIEM.
Seth then prompted Chad to expand on how Sumo Logic informs RSI Security’s SIEM solutions.
Chad noted how Sumo Logic helps with sorting through the noise that happens when such vast and varied amounts of data are collected, as is necessary for SIEM. Data points across every endpoint in a system, or concerning every user, are bound to create noise that can complicate rather than streamline your cyberdefenses. Finding the signal, or identifying the key items that drive those impactful decisions, requires clear analytical tools that produce valuable insights.
Why a Holistic SIEM Approach Matters
Returning to the concept of a holistic, consultative approach, Seth asked Chad to elaborate on the reviews, onboarding, and other best practices that define RSI Security’s SIEM solutions.
The idea is to move beyond log analysis, making it easy for clients to act on the insights.
Chad noted again how important it is to view each SIEM engagement as a true partnership and collaboration. It’s not just about setting up reviews of the organization’s infrastructure. It’s about opening up and maintaining strong communication channels to co-manage the suite of SIEM security tools together with the client. RSI Security’s subject matter experts are available at all hours of every working day. But, critically, there’s also support available outside of regular business hours—which is when a majority of cybercrime and illicit activity tends to happen.
To that effect, RSI Security has escalation procedures in place for points of contact at client organizations. If and when an anomalous event occurs, resources are ready to be allocated and activated immediately. Transparency and communication are key to swift, full incident resolution.
Spotlight: Real-World SIEM Considerations
Effective security information event management doesn’t just come into play when an attack or other security incident happens. When it’s working the way it should, events are much less likely to happen, and genuine threats and breaches are less likely to surface than false alarms.
But even false alarms matter, as they can be a valuable part of relationship building.
Speaking candidly about the day-to-day goings-on of a security operations center (SOC), both Seth and Chad agreed that it's not always exciting, so to speak. Cybersecurity professionals are not constantly chasing down hackers or addressing catastrophic events. Seth asked Chad to provide an example of SIEM tools in practice, even in a benign situation.
Chad outlined a case in which a client in the printing industry had experienced a series of alerts regarding their firewalls and bandwidth utilization. Namely, there appeared to be a large amount of data that was transferred to an unknown IP address. This triggered an immediate analysis, which revealed that it was an authorized action related to early testing for migration purposes.
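The kind of detection that fires in a case like this is worth seeing concretely. The following is an added example written for this summary; it is not code from the original event, from Sumo Logic, or from RSI Security. It assumes a simple firewall log format ("timestamp fw: src=… dst=… bytes_out=…"), TEST-NET addresses for the external hosts, an internal range of 10.0.0.0/8, and a 1 GB-per-hour threshold, all of which are constructed for illustration. It aggregates outbound bytes per external destination in hourly windows, flags any destination that is neither already known nor covered by an approved activity window, and shows how recording the migration test as sanctioned activity after analysis keeps the same transfer from paging the SOC again.

```python
"""Outbound-volume detection over constructed firewall log lines.

Illustrative detection logic written for this post; it is not Sumo Logic's
or RSI Security's code. The log format, addresses and threshold are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import ipaddress
import re

# Assumed log format: "<ISO timestamp> fw: src=<ip> dst=<ip> bytes_out=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw: src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample: internal hosts (10.0.0.0/8) sending to TEST-NET addresses.
SAMPLE_LOGS = [
    "2024-03-05T02:10:00 fw: src=10.0.5.12 dst=203.0.113.10 bytes_out=500000000",
    "2024-03-05T02:12:00 fw: src=10.0.5.12 dst=198.51.100.25 bytes_out=400000000",
    "2024-03-05T02:30:00 fw: src=10.0.5.13 dst=198.51.100.25 bytes_out=700000000",
    "2024-03-05T02:40:00 fw: src=10.0.5.12 dst=10.0.9.1 bytes_out=900000000",
    "2024-03-05T03:05:00 fw: src=10.0.5.12 dst=198.51.100.25 bytes_out=200000000",
    "this line is malformed and must be skipped",
]

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_DESTINATIONS = {"203.0.113.10"}  # assumed: an already-approved SaaS endpoint


@dataclass
class Alert:
    dst: str
    window_start: datetime
    total_bytes: int
    sources: list  # internal hosts that contributed to the volume


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(lines):
    """Yield (timestamp, src, dst, bytes) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["bytes"])


def detect(lines, threshold_bytes, known=KNOWN_DESTINATIONS, approved_windows=()):
    """Flag hourly outbound volume to unknown external hosts at or above threshold.

    approved_windows: (dst, start_iso, end_iso) triples recording activity that
    analysis has already confirmed as sanctioned (e.g. a migration test), so the
    same transfer does not page the SOC a second time.
    """
    approved = [(d, datetime.fromisoformat(s), datetime.fromisoformat(e))
                for d, s, e in approved_windows]
    totals = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, nbytes in parse(lines):
        if not is_internal(src) or is_internal(dst):
            continue  # only egress from inside to outside is of interest here
        if dst in known:
            continue
        if any(dst == d and s <= ts < e for d, s, e in approved):
            continue  # sanctioned activity window recorded after investigation
        bucket = ts.replace(minute=0, second=0, microsecond=0)  # hourly window
        totals[(dst, bucket)] += nbytes
        sources[(dst, bucket)].add(src)
    alerts = []
    for (dst, bucket), total in sorted(totals.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if total >= threshold_bytes:
            alerts.append(Alert(dst, bucket, total, sorted(sources[(dst, bucket)])))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS, threshold_bytes=1_000_000_000):
        print(f"{a.window_start.isoformat()} {a.dst} {a.total_bytes} bytes from {a.sources}")
```

On the constructed sample, the 02:00 window to 198.51.100.25 sums to 1.1 GB across two internal hosts and raises one alert, while the transfer to the known SaaS endpoint and the internal-to-internal copy are ignored. Passing an approved window for 198.51.100.25 (what an analyst would record once the transfer is confirmed as migration testing) suppresses the alert without loosening the threshold for everything else.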
An even bigger takeaway, however, was how this false alarm allowed for relationship and rapport building between the RSI Security team and stakeholders at the client organization.
SIEM with RSI Security and Sumo Logic
Closing out the event, Seth asked Chad to talk a bit more about how Sumo Logic is used in RSI Security’s SIEM engagements and what makes it so apt. Chad noted that one of the reasons we’ve teamed up with Sumo Logic for so many years is that the platform offers immense value.
Managed SIEM with Sumo Logic allows for a multi-tenant setup, with an individual tenant for each client. This allows RSI Security to offer flexibility and transparency, and it carries over to clear communication and customization for end clients through Sumo's dynamic pricing model.
In turn, Seth talked a bit about what Sumo Logic has appreciated about partnering with us.
One of the biggest things he noted was the way RSI Security’s experts optimize the platform to get the absolute most out of it for SIEM. Our team’s level of knowledge with respect to the risk environment, as well as how to use SIEM tools to address it, maximizes Sumo Logic’s potential.