The right tools for Modern SOCs
A Modern SOC is the digitized SOC: think of the Automated SOC or the Scalable SOC. Here's how we got here:
Log collection has always been one of the cornerstones of security management. Logs are the way to look back at what really happened in a particular incident, whether that incident involved a single device, the network, or an account. Logs are just that important, including for auditing (and thus compliance) purposes.
I don’t know about you, but when I need to check if my network is suffering from wi-fi attacks I rely on good old events from my UTM to tell me what’s going on. And if my machine crashes, logs tell me what happened.
That is, of course, because I don’t own / have a SIEM.
For the past 20 years, Security Operations Centres needed exactly this: all the logs of the network, centralized and ready to query and search. That worked until they were overwhelmed with threats and alerts.
Let's have a look at the challenges of the Modern SOC and the tools that assist with them.
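As an added example (not code from the original post), here is a small Python sketch of what that centralization means in practice. Three constructed log formats (an SSH auth log, a UTM key=value line, and a Windows logon event as JSON, all sample data, not real logs) are normalized into one schema, stored in a single time-ordered list, searched by field, and run through one correlation rule that folds repeated failures for the same user and source address into a single finding instead of one alert per raw line. The year assumed for the syslog lines and the 4624/4625 logon event IDs are the only assumptions beyond the sample data.

```python
"""Minimal centralized log store: normalize heterogeneous logs into one
schema so they can be queried across device, network and account."""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample logs (not real data): one block per source format.
AUTH_LOG = """\
Jan 10 08:01:02 web01 sshd[913]: Failed password for alice from 203.0.113.7 port 5021 ssh2
Jan 10 08:01:05 web01 sshd[913]: Failed password for alice from 203.0.113.7 port 5022 ssh2
Jan 10 08:02:11 web01 sshd[917]: Accepted password for bob from 198.51.100.4 port 4410 ssh2
"""
UTM_LOG = """\
date=2024-01-10 time=08:01:03 devname=utm01 action=deny srcip=203.0.113.7 dstip=10.0.0.5 user=alice service=SSH
date=2024-01-10 time=08:03:40 devname=utm01 action=accept srcip=198.51.100.4 dstip=10.0.0.5 user=bob service=HTTPS
"""
WIN_LOG = """\
{"TimeCreated":"2024-01-10T08:01:09Z","Computer":"dc01","EventID":4625,"TargetUserName":"alice","IpAddress":"203.0.113.7"}
{"TimeCreated":"2024-01-10T08:02:30Z","Computer":"dc01","EventID":4624,"TargetUserName":"bob","IpAddress":"198.51.100.4"}
"""

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)
YEAR = 2024  # syslog lines carry no year; assumed for the sample data

def parse_auth(line):
    """Syslog-style sshd line -> common schema (None if the line is not a login)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day'].strip()} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts.replace(tzinfo=timezone.utc), "source": "auth", "host": m["host"],
            "user": m["user"], "src_ip": m["ip"], "action": "login",
            "outcome": "fail" if m["outcome"] == "Failed" else "success"}

def parse_utm(line):
    """key=value firewall/UTM line -> common schema."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    ts = datetime.strptime(kv["date"] + " " + kv["time"], "%Y-%m-%d %H:%M:%S")
    return {"ts": ts.replace(tzinfo=timezone.utc), "source": "utm", "host": kv["devname"],
            "user": kv.get("user"), "src_ip": kv["srcip"], "action": kv["service"].lower(),
            "outcome": "fail" if kv["action"] == "deny" else "success"}

def parse_win(line):
    """JSON Windows logon event -> common schema (4625 = failed, 4624 = success)."""
    ev = json.loads(line)
    ts = datetime.strptime(ev["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts.replace(tzinfo=timezone.utc), "source": "windows", "host": ev["Computer"],
            "user": ev["TargetUserName"], "src_ip": ev["IpAddress"], "action": "login",
            "outcome": "fail" if ev["EventID"] == 4625 else "success"}

def collect():
    """Ingest every source into one time-ordered list of normalized events."""
    events = []
    for text, parser in ((AUTH_LOG, parse_auth), (UTM_LOG, parse_utm), (WIN_LOG, parse_win)):
        for line in text.splitlines():
            ev = parser(line)
            if ev:
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def query(events, **filters):
    """Search the central store by any field, e.g. query(events, user="alice")."""
    return [e for e in events if all(e.get(k) == v for k, v in filters.items())]

def failed_logins_by_user(events, threshold=3):
    """Correlate failures across sources per (user, src_ip): one finding
    per pair at or above the threshold, instead of one alert per raw line."""
    counts = Counter((e["user"], e["src_ip"]) for e in events
                     if e["action"] in ("login", "ssh") and e["outcome"] == "fail")
    return {k: n for k, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    evs = collect()
    print(len(evs), "events centralized")
    for e in query(evs, user="alice"):
        print(e["ts"].isoformat(), e["source"], e["host"], e["outcome"])
    print("correlated:", failed_logins_by_user(evs))
```

The point of the normalization step is that the question "what did alice do this morning?" can be answered with one query across the host, the firewall and the domain controller; the correlation step shows why a SIEM that only forwards raw lines drowns analysts, since four separate failure lines here collapse into one finding.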
./SIEM
Security Information and Event Management (SIEM) tools have been around for more than 2 decades now in some shape or form. Some professionals claim to have worked on similar technologies as far back as 1999.