SIEM & SOC - Cyber Risk Terms 101


Today we are hearing more and more about cyber attacks and the acronyms “SIEM” and “SOC”, but what do they really mean? Let’s break it down in simple terms.

What is a SIEM?

Security Incident and Event Management (SIEM) is simply a collection of software tools that can monitor, identify, log, and analyze security events within an IT environment. A SIEM collects data from a variety of sources, including servers, infrastructure, and software (including email), analyzes it, and presents the findings in a way that lets management make decisions based on them. SIEM does not usually include human intelligence, so it cannot detect zero-day attacks and needs a team to be looking at the data.

What is SOC?

Security Operations Center (SOC) is simply the team of experts who use advanced tools (SIEM) to thoroughly monitor your infrastructure for threats, including those from malicious insiders.

What else is there to consider?

SIEM & SOC sound pretty good, right? Although it’s something that most organizations should consider, there are some things you should know.

1) SIEM tools can be costly to buy, set up, and maintain.

2) It’s a complex thing, so you will need a skilled team (SOC) to run it. Don’t forget it’s 24x7 too!

What is “SOC-as-a-Service”?

For those with a limited budget, SOC-as-a-Service can provide just what you need. You are essentially outsourcing a portion of your security service focused on threat detection and incident response. SOC-as-a-Service is affordable because it doesn’t require an investment in SIEM tools or staff. It’s quick and easy to deploy and manage, and you’ll have the security experts you need to protect your business.

For more information about SIEM, SOC or me, send a LinkedIn message.

#whalleycomputer 
