Security Performance Assessment - Risk Based Alerting (RBA)

Have you heard about the power of RBA to reduce alerts and improve the maturity of your SOC? Have you seen presentations by Splunk® Reps, watched .conf recordings, or heard success stories from other organizations? Are you unsure of where or how to start with RBA in your company?

Highland Defense has implemented and tuned RBA across industries, organizations, and tens of thousands of alerts. To help guide you on your security maturity journey, we offer a FREE Performance Assessment.

Goal: a high-level review of your Splunk environment and data for:

  • Data feeds and field extractions

  • Data models

  • General Splunk configuration

Outline: Review current use of Splunk as a security tool and determine:

  • Inventory of existing data

  • Inventory of data available but not being utilized

  • Characterization of how you are using Splunk for security currently

  • Review of key searches / detections

  • Priorities for improved coverage or performance

If you have Enterprise Security currently:

  • Great!

  • We’ll focus on leveraging the advanced features built into ES to support RBA

If you DO NOT have Enterprise Security currently:

  • That’s OK

  • There are still RBA principles and searches that you can leverage

Deliverables: Readiness Report that:

  • Assesses your current state

  • Details specific areas and items to address in order to be best positioned for leveraging RBA

  • Potential Bonus: Quick wins to implement immediately to leverage Splunk in your SOC

Time Required:

  • 30-60 minutes of walking through your Splunk environment via sharing your screen with Highland Defense

  • 20-minute conversation with upper-level management to outline the key drivers for pursuing RBA

NOT Required:

  • Enterprise Security - not required

  • Access to your environment - not required (we just need a screen share so we can “look over your shoulder”)

Highland Defense

MATURE your SOC according to your VISION of security and the CULTURE of your organization.