Page 140 - Cyber Defense eMagazine August 2024
Detection Engineering in Post SIEM and SOAR World
By Venkat Pothamsetty, CTO, Network Intelligence
A few years back, my security team was tasked with building and maintaining a greenfield environment for
FedRAMP compliance. We made a radical decision: we opted to forgo a Security Information and
Event Management (SIEM) system entirely. The decision was not made lightly, and it was driven by two
primary considerations. First, we wanted to eliminate every instance that would require patching, and second,
there was no off-the-shelf SIEM solution that was FedRAMP authorized at the time.
Navigating SIEM-less Security and Compliance
Without a SIEM, we still had to satisfy the many controls that a typical SIEM would
cover. These included:
● Logging controls: nearly every control family mandates extensive audit logging.
● Alerting controls: particularly those in the Audit and Accountability (AU) and System and Information Integrity (SI) families.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.