Security Operations Strategy
Summary:
Reveal Risk partnered with a developing Fortune 1000 security organization to build a strategy for the security operations function, create initial playbooks for critical use cases, and design foundational processes. There had been rapid leadership turnover, and there wasn’t a solid plan for appropriately leveraging a newly acquired MDR solution. Reveal Risk helped rapidly build out the internal processes and knowledge base to make the MDR solution successful and scalable.
Outcomes:
- Conducted a rapid current state assessment of security operations capabilities to identify the most critical needs
- Assessed the full suite of offerings from the MDR partner to determine how to most effectively accelerate deployment and identify any critical program gaps
- Developed metrics and reporting framework to share security operations capabilities with leadership and show progress over time
- Built multiple playbooks for critical SOC use cases aligned to NIST standards (e.g. ransomware, third-party breach)
- Identified log sources, detection logic, and remediation actions for each playbook
- Built a prioritized roadmap of playbooks and use cases
- Designed a repeatable process to develop and manage current and future playbooks
“I like using Reveal Risk because they have supported operations like the one I now own, and really feel like an extension of my team. We were able to do more with less effort on our end because of their knowledge and experience.”
Detect & Respond Director
Fortune 1000 security organization