Why Your SOC Needs More Than a SIEM Tool
Cybercrime is becoming more sophisticated by the day. Meanwhile, the price for a breach due to damage and disruption, ransom payments and regulatory fines, is increasing. No wonder there’s more of a need than ever for companies to set up a dedicated SOC using SIEM to identify threats and raise the alarm. But is that enough to fight the hackers?
Understanding SOCs and SIEM Software
Although IT professionals will know all about SOCs and SIEM tools, business executives might need bringing up to speed.
SOC stands for “Security Operations Center.” Dealing with cyber security on a passive basis alone (e.g. through firewalls, intrusion detection systems (IDSs)) is like building a wall around a castle and just hoping the enemy doesn’t find a way through or over it. Although there are different definitions, in most cases an SOC centralizes the security function of a business or organization. Setting up an SOC involves employing a team of people and setting up processes to monitor a host system or IT network and respond to any security incidents. Occasionally, one-person SOCs are found, but this is the exception.
Every SOC needs some kind of SIEM tool. SIEM stands for Security Information and Event Management, and so SIEM software is a set of tools for providing the information needed to detect and manage security events.
More specifically, SIEM tools aggregate and normalize data from various sources. This data can come from message logs (syslog), OS logs, end point devices, firewall/IDS output and network flow logs. Rather than simply logging all the data, SIEM tools then strip out anything irrelevant. This is called normalization. SIEM software then uses intelligent correlation rules to highlight links between events ready for analysis by a human IT support team. Analysts can then carry out NetFlow analysis and (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/incident-detection/log-management-siem/why-your-soc-needs-more-than-a-siem-tool/