Security Basics mailing list archives

Re: SOC and SIEM


From: Román Ramírez <rramirez () rootedcon es>
Date: Tue, 31 Jan 2012 18:21:00 +0100

Hi, can anyone explain what the main differences are between a
Security Operation Center (SOC) and a Security Information and
Event Management System (SIEM)?

SOC:

A lot of funny dwarves playing with a SIEM, consoles, and magic wands
and tools, saying they will give you an alert whenever they detect an
incident. They seem to configure devices too (I said "seem" as in my
language this means they usually "break" my devices too).


SIEM:

This is a tool that every manufacturer says can import every piece
of log with no effort and no money (false, you will have to pay a lot
to integrate your "non standard" platforms and what about the
fantastic (and stupid) EPS ratio?), that can make correlation
(translation: store the logs for 15 days and pray), and give you
advanced "intelligence" over your network and security devices, that
are managed by the dwarves who will refuse to give log information to
your SIEM manager (and please, make a prayer to keep them separated).


I'm not sure if this will help (I'm quite sure it won't :) )
