Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Daily monitoring and analysis of an organization's security posture are crucial in defending against cyberattacks. A security operations center (SOC) is the cornerstone of any organization's system security because it carries out this daily security monitoring, tracking, and analysis. Consisting of people, processes, and technologies, it serves as the central point for the flows and events occurring in the system. A good SOC unit therefore facilitates the investigation of, and response to, threats and incidents. A security information and event management (SIEM) solution is a system that organizations use to collect, aggregate, correlate, analyze, and prioritize threat data sources and feeds in order to identify security incidents and events. SOC analysts can then leverage SIEM output to take protective measures. From this explanation, we can already establish the difference between a SOC and a SIEM solution. A SOC...