Distinguishing between a SOC and SIEM

Both a SOC and a SIEM are essential components of any Information Security framework. SOC stands for “Security Operations Centre” and is a facility operated by security analysts and engineers to manage security operations through processes and tools. The role of the SOC is to monitor the SIEM (explained below) and manage the operational component of Information (Cyber) Security.

SOC analysts work together to detect, analyse, respond to and report on events, in order to prevent information breaches in the IT environment. A SOC would not usually be responsible for physical security; having said that, there may be a requirement to report physical security events to the SOC so that they can be recorded and communicated to the organisation.

SIEM stands for “Security Incident Event Management” and is a set of tools to help manage Information Security.  A SIEM’s goal is to collect and analyse aggregated log data from servers, networks, endpoints, websites and databases. The SIEM then inspects the logs, looking for events that could indicate a potential security breach or an actual breach.  A SIEM should provide the following functions:

  • Data aggregation
  • Advanced analytics
  • Security event correlation
  • SOC automation
  • Dashboards
  • Threat intelligence
  • Threat hunting
  • Forensics
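
The first three functions in that list are easiest to understand in working code. The following Python script is an added example, not vSEC's tooling and not any product's code: it takes constructed sshd and web-server log lines, normalises them into a single event schema (data aggregation), and applies one correlation rule that fires when a source address accumulates five failed logins across both sources within five minutes and then authenticates successfully. The log lines, IP addresses, usernames, window and threshold are all constructed for the example.

```python
"""Toy SIEM pipeline: aggregate logs from two sources, normalise them into one
event schema, correlate across sources, and raise an alert."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs for two sources; hosts, users and IPs are invented.
SSH_AUTH_LOG = """\
2024-03-01T10:00:01Z sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2024-03-01T10:00:02Z sshd[2201]: Connection closed by 203.0.113.7 port 51022
2024-03-01T10:00:03Z sshd[2202]: Failed password for admin from 203.0.113.7 port 51023 ssh2
2024-03-01T10:00:05Z sshd[2203]: Failed password for admin from 203.0.113.7 port 51024 ssh2
2024-03-01T10:01:30Z sshd[2210]: Accepted password for admin from 203.0.113.7 port 51030 ssh2
2024-03-01T10:05:00Z sshd[2300]: Failed password for bob from 198.51.100.9 port 40000 ssh2
2024-03-01T10:05:10Z sshd[2301]: Accepted password for bob from 198.51.100.9 port 40001 ssh2
"""

WEB_ACCESS_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:01:00 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [01/Mar/2024:10:01:02 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.5 - - [01/Mar/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# Only login attempts (POST /login) are authentication events on the web side.
WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /login [^"]*" (?P<status>\d{3})'
)


def parse_ssh(line):
    """Normalise one sshd line; returns None for lines that are not logins."""
    m = SSH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "sshd", "src_ip": m["ip"],
            "user": m["user"], "success": m["outcome"] == "Accepted"}


def parse_web(line):
    """Normalise one access-log line; a 2xx/3xx on POST /login counts as success."""
    m = WEB_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ts": ts, "source": "web", "src_ip": m["ip"],
            "user": None, "success": m["status"][0] in "23"}


def aggregate(sources):
    """Data aggregation: parse every (parser, text) pair into one time-ordered stream."""
    events = []
    for parser, text in sources:
        for line in text.splitlines():
            ev = parser(line)
            if ev:
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Security event correlation: alert when one source IP reaches `threshold`
    failed logins (from any source) inside `window` and then logs in successfully."""
    failures = defaultdict(list)  # src_ip -> [(ts, source), ...]
    alerts = []
    for ev in events:
        ip = ev["src_ip"]
        # Drop failures that have aged out of the sliding window.
        recent = [(t, s) for t, s in failures[ip] if ev["ts"] - t <= window]
        failures[ip] = recent
        if ev["success"]:
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "brute-force-then-success",
                    "src_ip": ip,
                    "user": ev["user"],
                    "time": ev["ts"].isoformat(),
                    "failures": len(recent),
                    "sources": sorted({s for _, s in recent}),
                })
                failures[ip] = []  # one alert per burst
        else:
            recent.append((ev["ts"], ev["source"]))
    return alerts


def run_demo():
    """Run the pipeline over the constructed logs and return the alerts."""
    events = aggregate([(parse_ssh, SSH_AUTH_LOG), (parse_web, WEB_ACCESS_LOG)])
    return correlate(events)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The cross-source step is the point: neither log on its own reaches the threshold (three sshd failures, two web failures), so a per-source view would stay quiet, whereas the aggregated stream shows five failures from 203.0.113.7 followed by an accepted login for `admin`. The second address, 198.51.100.9, has a single failure before its success and correctly produces no alert.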

The two are entirely complementary. The SIEM collects and presents the data; the SOC's analysis of that data enables the team to respond promptly, and with the right actions, to a security event.

Not all organisations will need a SOC and SIEM. The first step in analysing the need for these services is to consider the sensitivity of the data held by the organisation and the level of threat it faces. Before considering a SOC and SIEM solution, whether in-house or via a third party, an organisation should ensure it has a security framework in place, having carried out a comprehensive analysis of the risks to the organisation.

vSEC can help organisations implement an Information Security framework, assess their risks and select the appropriate solution.
