Common Objections and Rationalisations:

  • “Our production systems are completely isolated from outside access.”

  • “Our system is secure because it would be impossible for an outsider to understand it.”

  • “We’re not a likely target. We’re not important or interesting enough to attract hackers.”

  • “We’ve never had a problem. There has been no intrusion or disruption in our production network.”

  • “It hasn’t happened yet, so it seems unlikely. I don’t think it will happen.”

  • “We can’t justify the expense and manpower.”

  • Being vulnerable is not your fault. Staying vulnerable definitely is.

  • Cyber security is much more than a matter of IT.

  • Passwords are like underwear: don’t let people see them, don’t leave them lying around and change them regularly.

  • It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.

  • Technology trust is a good thing, but control is a better one.

  • No technology that’s connected to the Internet is unhackable.

  • Social engineering bypasses all technologies, including firewalls.

  • Phishing is a major problem because there really is no patch for human stupidity.

  • If you think you know it all about cybersecurity, this discipline was probably ill-explained to you.

  • My message to companies that think they haven’t been attacked is: ‘You’re not looking hard enough.’

  • Never underestimate the determination of a kid who is time-rich and cash-poor.

  • Time is what determines security. With enough time nothing is unhackable.

  • Data is the pollution problem of the information age, and protecting privacy is the environmental challenge.


Building a modern SOC: The importance of SIEM

Security Information and Event Management (SIEM) technologies are not new, but there remains plenty of misinformation and misunderstanding about how to use them.

How SIEM delivers significant operational efficiencies

SIEM technology is an ideal foundation for your Security Operations Centre (SOC): it operates quickly and autonomously, interfaces with all your systems and security controls, and works the way your people and stakeholders need it to. Let’s explore how to deploy a SIEM and upgrade your security posture to enable proactive threat hunting.

Building a modern SOC with SIEM

Support your security team

By integrating SIEM into the core of your SOC and re-engineering some of your processes, you can start to improve your cyber assurance and realise a highly favourable ROI. Let’s start with staffing: you might already have a security team looking after firewalls, antivirus products and intrusion prevention systems. That’s a lot of “security systems” to monitor, and you may think that adding a SIEM is yet another thing to do. However, SIEM is a consolidation technology: it merges information from all these systems onto a single screen.
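To make that consolidation concrete, here is an added example (written for this page, not code from the original article or any SIEM product) that normalises constructed firewall, antivirus and IPS log lines into one common schema and then applies a simple cross-source correlation rule, the kind of “single screen” logic a SIEM provides. The log formats, host addresses and severity values are assumptions for the example.

```python
import re
from collections import defaultdict
# Constructed sample lines from three separate security systems (formats and values
# are assumptions for this example, not any vendor's real log format).
RAW_LOGS = {
    "firewall": [
        "2024-05-01T10:01:12 fw01 DENY src=203.0.113.7 dst=10.0.0.15 dport=445",
        "2024-05-01T10:01:40 fw01 ALLOW src=10.0.0.22 dst=198.51.100.9 dport=443",
    ],
    "antivirus": ["2024-05-01T10:02:03 av01 QUARANTINE ip=10.0.0.15 threat=Trojan.Generic"],
    "ips": [
        "2024-05-01T10:02:30 ips01 ALERT target=10.0.0.15 sid=2001 msg=SMB exploit attempt",
        "2024-05-01T10:03:00 ips01 ALERT target=10.0.0.40 sid=2002 msg=port scan",
    ],
}

# Per-source parsers: each yields (affected internal host, severity 0-3).
PARSERS = {
    "firewall": (re.compile(r"(DENY|ALLOW) src=\S+ dst=(\S+)"),
                 lambda m: (m.group(2), 1 if m.group(1) == "DENY" else 0)),
    "antivirus": (re.compile(r"QUARANTINE ip=(\S+)"), lambda m: (m.group(1), 3)),
    "ips": (re.compile(r"ALERT target=(\S+)"), lambda m: (m.group(1), 2)),
}

def normalise(source, line):
    """Map one raw line onto the common schema the SIEM works with; None if unparsable."""
    pattern, extract = PARSERS[source]
    m = pattern.search(line)
    if m is None:
        return None
    host, severity = extract(m)
    return {"ts": line.split(" ", 1)[0], "source": source, "host": host, "severity": severity}

def collect_events(raw_logs=RAW_LOGS):
    """Normalise every line from every system into a single event stream."""
    events = [normalise(src, line) for src, lines in raw_logs.items() for line in lines]
    return [ev for ev in events if ev is not None]

def correlate(events, min_sources=2):
    """Escalate hosts that at least `min_sources` distinct systems flagged (severity > 0)."""
    sources_by_host = defaultdict(set)
    for ev in events:
        if ev["severity"] > 0:
            sources_by_host[ev["host"]].add(ev["source"])
    return {host: sorted(srcs) for host, srcs in sources_by_host.items()
            if len(srcs) >= min_sources}

if __name__ == "__main__":
    for host, srcs in correlate(collect_events()).items():
        print(f"ESCALATE {host}: flagged by {', '.join(srcs)}")
```

Only the host that all three systems independently reported is escalated; a single IPS alert or a permitted firewall connection on its own stays below the threshold, which is the noise reduction the consolidated view gives the security team.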

Instead of going straight to security operations, start talking to your network, server and desktop teams, and maybe even your database team, to see which aspects of security operations would sit more naturally with them. For example, adjusting the rule-set on a firewall is not unlike changing the configuration on a router or core switch. Your network team almost certainly knows all about firewall administration already; firewalls are simply another networking device. If you can move the operation and management of your firewalls to the networking team, you free up time for your security operations team to focus on threat management and assurance.

A second example might be to reallocate responsibility for your antivirus technology to your server and desktop team. That team usually manages the configuration and software build of operating systems, along with software distribution and general systems administration, so adding antivirus technology to their portfolio makes logical sense. These small changes start to free up enough time for your security team to initiate proactive threat hunting practices and develop more rigorous vulnerability assessments.

The establishment of formal processes and workflows will enable performance measurement and form the basis for continuous process improvement and ongoing refinement of your security capability.

  • Design your SOC solution

  • Implement your solution

What is a Security Operations Centre?

A security operations centre is the central “hub” in which an organisation’s internal IT and cybersecurity teams carry out threat detection, analysis and response. An intelligent SOC enables security teams to:

  • Build an adaptive SIEM architecture

  • Leverage advanced security analytics

  • Explore integrated threat intelligence

  • Automate incident responses

  • Investigate and visualise threats and solutions
