Spring Cleaning in Autumn: The IBM TEL-S QRadar SIEM Health Check
A SOC, by definition, is a system which is constantly on the move:
- The underpinning IBM QRadar SIEM and SOAR software needs to be on the latest version and Update Package.
- A managed Use Case Life Cycle must be followed: use cases, rules and log sources must be onboarded, changed, or retired when they become obsolete.
- Over time, performance tuning may be required, or the rate of false positives may be unworkably high.
- Organizational changes may require QRadar content to be forked or combined.
- Analyst feedback needs to be reflected in use cases and/or playbooks.
- Playbooks get enhanced, interfaces need maintenance.
- Licensing options may change.
In order to prioritize and manage all of the above (and more), it is a best practice to invite your trusted advisor from IBM Technology Expert Labs Security to perform a QRadar Health Check at least once a year. So, if you skipped it in the spring - now is a good time to give your QRadar SIEM the attention it deserves.
A consultant from IBM Technology Expert Labs Security will spend a minimum of 5 days to understand your environment inside and out. Based on your guidance, we will perform a deep dive into any technical aspect of the installation and configuration you can think of.
The activity includes producing a written deliverable: a "Health Assessment Report". It includes a management summary, the findings of any tests, checks on configuration and licensing, and recommendations to mitigate potential issues and to improve the environment.
If desired, a Health Check can be enhanced to include the workflows and organizational structure of your SOC, as well as an investigation into potential cost savings through a change of the underlying platform, virtualization, or storage used.
For any further information, contact Kevin Haga, IBM Technology Expert Labs, WW Security Brand Sales Leader, at khaga@us.ibm.com or tels.apps@ibm.com.