SIEM or SOC? SOC or SIEM? Or both? A short course in innovative cyber security.
In a security incident, there are four crucial questions: What happened? Where did it happen? When did it happen? And how did it happen? The answers to these questions come from the SOC and/or the SIEM.
First the basics: SOC stands for Security Operations Center, SIEM for Security Information and Event Management. A SOC is where potential threats to infrastructures are monitored, analyzed and averted, 365 days a year and around the clock. In a SOC, tools, processes and specialists such as analysts work together productively, a powerful combination for keeping networks under continuous watch. At K-Businesscom (KBC), cyber security experts work closely with other departments: IT, forensics, use case development and others. A SOC must be continuously adapted and improved; at KBC, a specially developed audit module is available for this purpose: "Test Your SOC".
A SIEM is a tool that searches heterogeneous systems for unusual incidents, anomalies and other signs of a cyber attack, and collects, analyzes, "normalizes" (maps onto a common schema) and stores the corresponding data. The SIEM is configured according to the security guidelines of the company being supported and evaluates events against the corresponding rule parameters.
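As an added example (not code from the original article or from KBC's products), the collect, normalize, analyze and store cycle just described, reduced to its core: two constructed log formats, a Linux sshd line and a hypothetical JSON wrapper around a Windows logon-failure event (Event ID 4625), are mapped onto one common schema, and a rule with tunable parameters flags repeated failed logons from a single source address.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: an auth.log-style sshd line from a Linux host and a
# JSON record from a hypothetical Windows collector (the JSON wrapper is assumed).
RAW_EVENTS = [
    "2024-03-01T10:00:01Z srv1 sshd[812]: Failed password for root from 203.0.113.7 port 4410 ssh2",
    '{"time":"2024-03-01T10:00:03Z","host":"ws7","EventID":4625,"IpAddress":"203.0.113.7","TargetUserName":"alice"}',
    "2024-03-01T10:00:05Z srv1 sshd[812]: Failed password for admin from 203.0.113.7 port 4411 ssh2",
    "2024-03-01T10:00:09Z srv2 sshd[913]: Accepted password for bob from 198.51.100.2 port 5000 ssh2",
]

SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def normalize(raw):
    """Map each source-specific record onto one common event schema (the 'normalize' step)."""
    if raw.startswith("{"):
        ev = json.loads(raw)
        return {"ts": _ts(ev["time"]), "host": ev["host"], "user": ev["TargetUserName"],
                "src": ev["IpAddress"], "outcome": "failure" if ev["EventID"] == 4625 else "success"}
    m = SSH_RE.match(raw)
    if not m:
        return None  # unparsed records are dropped here; a production SIEM would retain them
    ts, host, result, user, src = m.groups()
    return {"ts": _ts(ts), "host": host, "user": user, "src": src,
            "outcome": "failure" if result == "Failed" else "success"}

def failed_logon_rule(events, threshold=3, window_s=60):
    """Rule parameters: alert when one source IP produces >= threshold failures within window_s."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        bucket = failures[ev["src"]]
        bucket.append(ev["ts"])
        while (bucket[-1] - bucket[0]).total_seconds() > window_s:
            bucket.pop(0)  # slide the window: forget failures older than window_s
        if len(bucket) >= threshold:
            alerts.append({"src": ev["src"], "count": len(bucket), "last": ev["ts"]})
    return alerts

def run_pipeline(raw_lines):
    """Collect -> normalize -> store (the list) -> analyze (the rule)."""
    store = [e for e in (normalize(r) for r in raw_lines) if e]
    return store, failed_logon_rule(store)
```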
The question is: How do a SOC and a SIEM interact? Does one need the other?
A SIEM can be part of a SOC, but does not have to be. So can there be a SOC without a SIEM? Yes, of course. A SOC has a wide range of security technologies that can be used to monitor the IT landscape; a SIEM is only one component, and under certain circumstances it can be replaced by other solutions. On the other hand, can there be a SIEM without a SOC? No, it cannot. Beyond the technology itself, operating a SIEM also requires processes and experts who run that technology, and these are all parts of a SOC.
Whatever the case may be, KBC is the ideal solution partner for all cyber security requirements. With SOC, SIEM and everything else that goes with it.