Case Study: SIEM Discovery for a Public Sector Organisation

Apto recently undertook a SIEM Discovery project for a public sector organisation based in the UK. The primary objective was to help the client meet ISO 27001 requirements while aligning their SIEM platform with their business objectives, governance and risk appetite.

Client Background

Our client, a public sector organisation, had recently transitioned to a Microsoft cloud environment. Their estate comprised Windows 10 workloads, Microsoft 365 for productivity tools, and Azure for infrastructure. Despite this modern setup, the client lacked a dedicated team for SIEM management and struggled to get value from the platform they already had.

The Early Days Of SIEM

The client faced several challenges, including underutilisation of their SIEM platform, a lack of automation, and no ongoing maintenance activities. A SIEM that is not actively maintained degrades quietly: log sources drop off without anyone noticing, detection rules are never tuned or retired, and alerts go unreviewed. With small internal teams each overseeing parts of governance, operations, security incident response and compliance, there was a pressing need for dedicated SIEM expertise to ensure the platform remained effective and supported compliance with industry standards.

Apto SIEM Discovery

Apto applied our discovery methodology to assess the client's current SIEM state, identify gaps and propose actionable recommendations. This involved reviewing risk registers, compliance registers and overall governance. Apto also evaluated the existing SIEM architecture, role-based access control (RBAC), log source ingestion (including whether the sources the client's controls depend on were actually arriving), detection analytics, enrichment, automation and reporting. Quick wins were identified alongside the longer-term recommendations so the platform's effectiveness could be improved immediately.

Assessing The Environment

Over an 8-week engagement, Apto conducted workshops, document reviews and collaborative sessions with the client. Access to the client's environment was restricted, so Apto worked through remote screen sharing and followed the client's operational protocols to keep the project on track. The resulting recommendations set out clear directions and timelines for improving the SIEM tool's capabilities and its compliance reporting against ISO 27001 and the client's own internal risk models.

Results and Outcomes

The project culminated in a report covering regulatory and risk compliance, a SIEM health assessment, quick wins and long-term improvement recommendations. The client gained confidence in their SIEM strategy, with a clear roadmap for future enhancements and compliance requirements. By addressing known issues early, the client reduced the risk of the platform decaying further and avoided common SIEM pitfalls.

Conclusion & Next Steps

This project provided actionable recommendations to enhance the client's SIEM capabilities and compliance posture. The outcomes benefited the client in the short term and also serve as a useful reference for other organisations navigating the complexities of SIEM implementation. With a clear blueprint for SIEM operation and compliance, the client is well positioned to meet future cyber security challenges. Our client has chosen to continue their SIEM journey with Apto and explore further SIEM services aimed at implementing and deploying the proposed solution.
