2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM


This is the second installment of our series around 2021 security planning. In part one, Rapid7 Detection and Response Practice Advisor Jeffrey Gardner offered tips and advice for ramping up annual security planning. In this installment, we’ll explore the importance of reliable and comprehensive detections to drive an efficient security program forward.


As we began to discuss in the first installment, teams are under tremendous pressure to demonstrate progress and ROI, which means they need to find efficient ways to optimize and advance security without adding more complexity. Too many legacy and traditional SIEM approaches actually introduce more work for teams and distract from actual detection and response. Teams get bogged down in arduous deployments, writing and managing rules, and jumping among various datasets to try to build a complete picture. For this reason, too many tools end up partially deployed or full-on shelfware, leaving teams burnt out and environments exposed.




Security Planning Tip: Shelfware is the nemesis of ROI. When you’re doing security planning and evaluating new tools, think about what deploying the product and actually achieving your desired outcomes would require. Do you have the staff, time, and resources to reach your end goals with the product you’re evaluating? If the answer is “no” or “not sure,” it might be time to look at something else.



Rapid7’s approach to security information and event management (SIEM) is unique in that we have focused on a detections-first mindset. InsightIDR, our ..
