SIEM/SOC Assessment
We can help you test and verify if your SIEM/SOC detection service works properly.
How good is your detection?
When your Security Operations Centre (SOC) does not alert you to any security events, you have no way of knowing what is happening. This poses a risk. It could be that no security events are taking place. It could also mean your Security Information and Event Management (SIEM) solution is malfunctioning. There is only one way to check if your detection is working as it should, and that is to explicitly test it. Let Bureau Veritas Cybersecurity help you.

Make sure your detection works

Improve your detection rate

Validate claims of your SOC provider
Your challenges
- Making sure your security monitoring and detection system detects actual threats
- Reducing the number of false positives that lead to genuine threats being overlooked
- Striking the right balance between sensitivity (catching every possible threat) and specificity (avoiding false alarms)

Ralph Moonen
Technical Director
Bureau Veritas Cybersecurity
There could be all kinds of technical reasons for SIEM/SOC malfunctioning, but the result is the same. Your analysts are effectively blindfolded and groping in the dark.
How we support you
Detection relies on use cases to find relevant anomalies. A use case could be: ‘alert us when a large amount of data is transferred outside of office hours.’ These rules are meant to detect typical adversarial behavior.
Bureau Veritas Cybersecurity's Red Team members and pentesters know exactly how to mimic adversarial behavior. To test your capabilities, our experts execute use cases one by one. Together with your team or your provider’s team, our experts verify that the alerts are correctly triggered. Any missing alert is analyzed in detail and a root cause is determined if possible.
To trigger use cases, Bureau Veritas Cybersecurity simulates a security event happening inside your network, often without actually performing the activity that would have normally raised that event. This could be for instance by sending attack signatures over the network, or by performing suspicious actions on servers.
Case Study: 70% of TTPs missed
Bureau Veritas Cybersecurity executed a SIEM/SOC test at a client in the public sector. The client uses a third-party detection provider and contacted us because they had a feeling they were missing events and alerts.
Our experts executed approximately 10 high-level use cases in an interactive session, by simulating the corresponding security events and dozens of tactics, techniques, and procedures (TTPs).
In this case, our experts found that only 30% of TTPs covered by the client's use cases were actually detected, even though the related security events were registered correctly. Many critical TTPs were not detected, such as lateral movement, AD hash dumping, privilege escalation and EDR/MDR deactivation.
During analysis sessions, we were able to pinpoint and fix (many of) the issues together with the SOC team. A retest confirmed that the issues had indeed been fixed correctly. The client's detection capabilities were dramatically improved.

Why choose Bureau Veritas Cybersecurity
Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.
We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence. Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.