
Posts

Showing posts with the label siem tool

Evolution of SIEM

The SIEM tool is the heart of the modern SOC. It lays the foundation for most security processes and saves effort for every security analyst. A SIEM ingests a huge volume of log data from the many assets that belong to the organization. SIEM security is, in short, the integration of all security tools, monitoring tools, servers, cloud workloads and endpoints into the SIEM solution. The SIEM collects log and event data from all of these systems, analyzes it, and generates alerts when it identifies suspicious activity that could lead to a security incident. All SIEM solutions have three main stages:

1. Data Collection - Collecting log and event data from all the organization's assets: systems, devices, endpoints, apps, security tools, network devices, etc.
2. Data Consolidation - Normalizing and categorizing the collected raw data so that SOC analysts can use it for analysis. Data can be categorized by the origin of the user, the systems accessed,...
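
The stages above, collection of raw lines from several sources, normalization into one schema, and alerting on a correlated pattern, as a small added example. This is not code from the original post or from any SIEM product; the log lines are constructed for illustration, the common-schema field names (ts, host, user, src_ip, outcome, source) are this example's own, and the rule (several failed logons from one source IP followed by a success from the same IP) is one typical correlation a SOC would write.

```python
# Added example: collect -> consolidate (normalize) -> correlate -> alert.
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in three native formats: Linux sshd syslog,
# a JSON application log, and a Windows-style key=value logon record.
RAW_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 5120 ssh2",
    "2024-05-01T10:00:04Z host2 sshd[3100]: Failed password for bob from 198.51.100.9 port 39999 ssh2",
    "2024-05-01T10:00:02Z host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 5121 ssh2",
    '{"ts": "2024-05-01T10:00:06Z", "app": "portal", "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"}',
    "2024-05-01T10:00:05Z host2 sshd[3100]: Accepted publickey for bob from 198.51.100.9 port 40000 ssh2",
    "2024-05-01T10:00:03Z host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 5122 ssh2",
    "ts=2024-05-01T10:00:07Z EventID=4624 host=dc01 TargetUserName=alice IpAddress=203.0.113.7",
    "2024-05-01T10:00:09Z host1 cron[1]: (root) CMD (run-parts /etc/cron.hourly)",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
SSHD_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSHD_OK_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
WIN_LOGON = {"4624": "success", "4625": "failure"}   # Windows logon success / failure event IDs


def _event(ts, host, user, src_ip, outcome, source):
    """Common schema every source is mapped to (the consolidation stage)."""
    return {"ts": ts, "host": host, "user": user, "src_ip": src_ip, "outcome": outcome, "source": source}


def normalize(line):
    """Map one raw line to the common schema; None if it is not an authentication event."""
    line = line.strip()
    if line.startswith("{"):                       # JSON application log
        d = json.loads(line)
        outcome = {"login_failed": "failure", "login_success": "success"}.get(d.get("event"))
        return None if outcome is None else _event(d["ts"], d["app"], d["user"], d["src_ip"], outcome, "app_json")
    if line.startswith("ts="):                     # key=value logon record
        d = dict(kv.split("=", 1) for kv in line.split())
        outcome = WIN_LOGON.get(d.get("EventID"))
        return None if outcome is None else _event(d["ts"], d["host"], d["TargetUserName"], d["IpAddress"], outcome, "windows")
    m = SYSLOG_RE.match(line)                      # syslog: only sshd auth messages matter for this rule
    if m and m.group("proc") == "sshd":
        f = SSHD_FAIL_RE.search(m.group("msg"))
        if f:
            return _event(m.group("ts"), m.group("host"), f.group("user"), f.group("ip"), "failure", "sshd")
        s = SSHD_OK_RE.search(m.group("msg"))
        if s:
            return _event(m.group("ts"), m.group("host"), s.group("user"), s.group("ip"), "success", "sshd")
    return None


def _parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def detect_bruteforce_then_success(events, threshold=3, window_s=300):
    """Correlation rule: >= threshold failures from one source IP within window_s seconds,
    followed by a success from the same IP, raises one alert per burst."""
    alerts, by_ip = [], defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: _parse_ts(e["ts"]))   # sources arrive out of order; correlate in time order
        recent_failures = []
        for e in evs:
            now = _parse_ts(e["ts"])
            recent_failures = [f for f in recent_failures if (now - _parse_ts(f["ts"])).total_seconds() <= window_s]
            if e["outcome"] == "failure":
                recent_failures.append(e)
            elif len(recent_failures) >= threshold:
                alerts.append({"rule": "bruteforce_then_success", "src_ip": ip,
                               "failed_attempts": len(recent_failures),
                               "users_tried": sorted({f["user"] for f in recent_failures}),
                               "compromised_user": e["user"], "host": e["host"], "ts": e["ts"]})
                recent_failures = []                 # one alert per burst, not one per later success
    return alerts


def run_pipeline(raw_lines):
    """Collect -> consolidate -> correlate. Returns (normalized events, unparsed line count, alerts)."""
    events, unparsed = [], 0
    for line in raw_lines:
        e = normalize(line)
        if e is None:
            unparsed += 1                            # count drops; silently lost lines become blind spots
        else:
            events.append(e)
    return events, unparsed, detect_bruteforce_then_success(events)


if __name__ == "__main__":
    evs, dropped, found = run_pipeline(RAW_LOGS)
    print(f"{len(evs)} events normalized, {dropped} lines not parsed")
    for a in found:
        print(json.dumps(a))
```

On the constructed input the pipeline normalizes seven events, drops the cron line, and raises one alert for 203.0.113.7 (four failures against alice and admin, then a successful logon as alice on dc01); the single failure from 198.51.100.9 before bob's key-based login stays below the threshold. The unparsed counter matters in practice: a parser that silently discards what it cannot read leaves the analyst with a gap they cannot see.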

What is SIEM? - Overview

SIEM - Security Information and Event Management, a security solution that addresses security threats and vulnerabilities which can interfere with an organization's business operations. A SIEM tool helps the organization's security team detect anomalies in its network and alerts the SOC team. Most recent SIEM tools have incorporated artificial intelligence (AI), which helps automate many of the manual processes in threat detection and incident response, increasing productivity.

SIEM = SIM + SEM
SIM - Security Information Management
SEM - Security Event Management

SIEM is the combination of SIM and SEM, enabling real-time monitoring and analysis of security events along with tracking and logging of security data for compliance / auditing. SIEM has evolved over the years and embedded UEBA - User & Entity Behavior Analytics along with many other security analytics and features like AI and machine learning to identify any abnormal or anomalous user behaviors wh...