PacArctic
SIEM Optimization and Support for M-21-31 on AWS
Pages
2
Time to read
3 mins
Publication
Language
English
This document is a case study describing the implementation of a Security Information and Event Management (SIEM) solution for a US Federal Agency using AWS services. The agency needed to optimize its SIEM capabilities to keep pace with increasing cybersecurity threats and to comply with Executive Order 14028 and OMB Memorandum M-21-31, which sets federal logging retention and access requirements. The solution was a cloud migration and optimization effort that architected a secure environment on AWS, deployed Splunk Enterprise Security, and centralized log management in Amazon CloudWatch Logs. Key enhancements included AWS Lambda for log processing, Amazon S3 for log storage, and AWS IAM for access control. The reported outcomes were improved threat detection, significant cost reductions, scalability to absorb increased event volumes, and compliance with the federal mandates. The case study concludes with the agency's improved visibility into security events and its readiness to integrate additional AWS security services.