LIBRARY RESEARCH PROJECT
SOC & SIEM
SUBMITTED BY
Sonukumarsingh
PREVIEW
• INTRO
• SECURITY OPERATIONS CENTER (SOC)
• COMPONENTS : SOC
• RESPONSIBILITIES : SOC
• SIEM
• WHY IS SIEM NECESSARY?
• DIFFERENT SIEM TOOLS
• CONCLUSION
INTRO
SECURITY OPERATIONS CENTER (SOC)
• A Security Operations Center is a team consisting of cybersecurity experts and trained engineers.
• It is different from other IT departments because the SOC is dedicated to performing advanced IT security operations.
• Security operations center services are aimed at preventing threats to cybersecurity through early detection of, and response to, any incident of hacking or data breach.
• It is a centralized unit, and the most significant unit of a company, responsible for handling its security operations.
• The SOC team of an organization protects significant and confidential company data, along with the brand integrity and business systems of the company.
COMPONENTS : SOC
• People. Organizations tend to give security a big budget for the procurement of many tools and much equipment, but do not give the required importance to the people who implement the solution.
• Processes. Timely detection and control of damage require greater visibility into the environment, which in turn requires continuous monitoring capabilities.
• Technology. Security Information and Event Management (SIEM) technologies have been at the heart of Security Operations Centers.
WORK FLOW : SOC
OPERATIONS : SOC
• Log Collection
• Log Retention & Archival
• Log Analysis
• Monitoring of the Security Environment for Security Events
• Event Correlation
• Incident Management
• Threat Identification & Reaction
• Reporting
RESPONSIBILITIES : SOC
• The basic responsibilities of a SOC team include the following:
• Asset discovery and management involves obtaining a high awareness of all tools, software, hardware and technologies used within the organization. It also focuses on ensuring all assets are working properly and are regularly patched and updated.
• Continuous behavioral monitoring includes examining all systems 24/7, year-round. This enables SOCs to place equal weight on reactive and proactive measures, as any irregularity in activity is detected immediately. Behavioral models train data collection systems on which activities are suspicious and can be used to tune data that would otherwise register as false positives.
• Keeping activity logs enables SOC team members to backtrack or pinpoint previous actions that may have resulted in a breach. All communications and activity should be logged by the SOC.
• Alert severity ranking helps teams ensure the most severe or pressing alerts are handled first. Teams must regularly rank cyber security threats in terms of potential damage.
• Defense development and evolution is important to help SOC teams stay up to date. Teams should create an incident response plan (IRP) to defend systems against new and old attacks. Teams must also adjust the plan as necessary when new information is obtained.
• Incident recovery enables an organization to recover compromised data. This includes reconfiguring, updating or restoring systems from backup.
• Compliance maintenance is key to ensuring SOC team members and the company follow regulatory and organizational standards when carrying out business plans. Typically, one team member oversees educating on and enforcing compliance.
SIEM
• SIEM is a tool for looking at what is happening on the network through a larger lens than any one security control or information source can provide.
• Intrusion Detection only understands packets, protocols and IP addresses.
• Endpoint Security only sees files, usernames and hosts.
• Service Logs show user logins, service activity and configuration changes.
• An Asset Management system sees applications, business processes and owners.
• None of these systems individually can tell what is happening to the network in terms of security, but together they can.
• SIEM is essentially a management layer above all existing systems and security controls.
• It connects and unifies all the information contained in existing systems, allowing it to be analyzed and cross-referenced from a single interface.
WHY IS SIEM NECESSARY?
• Rise in data breaches due to internal and external threats
• Attackers are smart, and traditional security tools alone do not suffice
• Mitigate advanced cyber-attacks
• Manage increasing volumes of logs from multiple sources
• Meet strict compliance requirements
• Facilitated by SIEM:
  - Malware Investigation
  - Phishing Prevention & Detection
  - HR Investigation
  - Departed Employee Risk Mitigation
ATTRIBUTES OF SIEM & SIEM TOOLS
• Attributes of a SIEM System:
  - Log Collection
  - Normalization
  - Event Correlation
  - Alerting
  - Data Aggregation
• Top SIEM Tools:
  - Splunk
  - IBM QRadar
  - LogRhythm
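The slides above list the SIEM attributes (log collection, normalization, event correlation, alerting, data aggregation) and, earlier, explain that no single source such as an IDS or a service log can tell the whole story on its own. The following is an added example, not code from the project, that shows those attributes working together in miniature: three differently formatted log sources (an IDS fast-style alert line, an sshd auth log and a web access log, all constructed sample data with hypothetical hosts and IPs) are normalized into one schema, aggregated, and then correlated by two rules, with the resulting alerts ranked by severity as the responsibilities section describes.

```python
"""Miniature SIEM pipeline: collect -> normalize -> aggregate -> correlate -> alert.

Added illustration only; the log lines, hosts, IPs and rule IDs below are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed raw log lines, tagged with the source they came from.
SAMPLE_LOGS = [
    ("ids",  "2024-03-01T09:00:05 [1:100001:1] LOCAL SSH brute-force probe {TCP} 203.0.113.7:51000 -> 10.0.0.5:22"),
    ("auth", "2024-03-01T09:00:07 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2"),
    ("auth", "2024-03-01T09:00:09 srv1 sshd[1202]: Failed password for root from 203.0.113.7 port 51002 ssh2"),
    ("auth", "2024-03-01T09:00:11 srv1 sshd[1203]: Failed password for root from 203.0.113.7 port 51003 ssh2"),
    ("auth", "2024-03-01T09:00:14 srv1 sshd[1204]: Accepted password for root from 203.0.113.7 port 51004 ssh2"),
    ("auth", "2024-03-01T09:05:00 srv2 sshd[880]: Accepted publickey for alice from 10.0.0.23 port 40002 ssh2"),
    ("web",  '10.0.0.23 - alice [01/Mar/2024:09:05:30 +0000] "GET /reports HTTP/1.1" 200 512'),
]

# One parser per source format; each source "speaks" a different vocabulary, as the slides note.
IDS_RE = re.compile(r"^(?P<ts>\S+) \[[^\]]+\] (?P<msg>.+?) \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")
AUTH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")
WEB_RE = re.compile(r'^(?P<src>[\d.]+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]+)" (?P<status>\d{3})')

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
FAIL_THRESHOLD = 3           # failed logins that make a following success suspicious
WINDOW = timedelta(minutes=5)  # correlation window


def normalize(source, line):
    """Normalization: map one raw line onto the common schema, or None if it does not parse."""
    if source == "ids":
        m = IDS_RE.match(line)
        return None if not m else {
            "ts": datetime.fromisoformat(m["ts"]), "source": "ids", "type": "ids_alert",
            "src_ip": m["src"], "host": m["dst"], "user": None, "detail": m["msg"]}
    if source == "auth":
        m = AUTH_RE.match(line)
        if not m:
            return None
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "auth",
                "type": "login_success" if m["result"] == "Accepted" else "login_failure",
                "src_ip": m["src"], "host": m["host"], "user": m["user"],
                "detail": line.split(": ", 1)[1]}
    if source == "web":
        m = WEB_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        return {"ts": ts, "source": "web", "type": "http_request", "src_ip": m["src"],
                "host": None, "user": m["user"], "detail": m["req"]}
    return None


def collect(raw_logs):
    """Log collection: normalize every line, silently dropping lines no parser understands."""
    return [e for e in (normalize(src, line) for src, line in raw_logs) if e is not None]


def aggregate(events):
    """Data aggregation: event counts per (source, type), the kind of summary a dashboard shows."""
    return Counter((e["source"], e["type"]) for e in events)


def correlate(events):
    """Event correlation: raise alerts from patterns that span events (and sources)."""
    alerts = []
    ids_ips = {e["src_ip"] for e in events if e["type"] == "ids_alert"}
    failures = defaultdict(list)  # src_ip -> timestamps of failed logins
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] == "login_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["type"] == "login_success":
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                # Rule 1 (single source): repeated failures then a success from the same IP.
                sev = "high"
                msg = f"{len(recent)} failed logins then success for {e['user']}@{e['host']} from {e['src_ip']}"
                # Rule 2 (cross-source): the IDS already flagged this IP, so escalate.
                if e["src_ip"] in ids_ips:
                    sev, msg = "critical", msg + " (also flagged by IDS)"
                alerts.append({"severity": sev, "src_ip": e["src_ip"], "ts": e["ts"], "message": msg})
    # Alerting with severity ranking: most severe first.
    return sorted(alerts, key=lambda a: SEVERITY_RANK[a["severity"]])


def run_pipeline(raw_logs=SAMPLE_LOGS):
    """Run the whole chain and return (normalized events, aggregate counts, ranked alerts)."""
    events = collect(raw_logs)
    return events, aggregate(events), correlate(events)


if __name__ == "__main__":
    evts, summary, found = run_pipeline()
    print(f"{len(evts)} events; counts: {dict(summary)}")
    for a in found:
        print(f"[{a['severity'].upper()}] {a['ts']} {a['message']}")
```

Neither the IDS line nor the auth log alone justifies a critical alert: the IDS only sees a probe, and sshd only sees logins. Only after normalization puts both on the same `src_ip` field can the correlation rule combine them, which is the "larger lens" the slides describe.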
CONCLUSION
• The benefit of having a security operations center is improved security incident detection through continuous monitoring and analysis of data activity. SIEM is a vital component of modern cyber security strategies, providing organizations with the tools and capabilities needed to monitor and respond to security threats effectively. Among the benefits of SIEM solutions, they store normalized data, organize it, and make it easy to retrieve when necessary.
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx