Security Basics mailing list archives

Re: SOC and SIEM
From: Kartik.netsec () gmail com
Date: Wed, 1 Feb 2012 05:27:20 GMT

A Security Operations Center (SOC) is a department within a company, or often an outsourced one, which does (but is not limited to)
configuration management and change management of security devices like firewalls, IDS/IPS, VPN, SIEM, AV etc. They also
perform security incident response and monitor the near real-time logs with the help of SIEM tools. There may be
dedicated teams within a SOC with different reporting hierarchies for device management and monitoring to avoid conflict
of interest, depending upon contract/legal requirements etc.

A Security Information & Event Management (SIEM) tool is simply a correlation tool through which the SOC monitors the near
real-time logs. It logs (if working properly :D) qualified events and alerts whenever there is an incident. It may also
create tickets in a local ticketing tool and send email/SMS alerts when integrated with other tools. You can tweak the
tool as per your requirements.

Kartik, CISSP
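To make the "correlation tool" description concrete, here is an added example (not part of Kartik's post or any real SIEM product) of the kind of rule a SIEM evaluates over near real-time logs: several failed SSH logins from one source inside a short window followed by a successful login from that same source raises one alert, which is then handed to a stand-in ticketing hook. The log lines are constructed, and the `open_ticket` queue is a hypothetical placeholder for the ticketing integration the post mentions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (not taken from the original post).
SAMPLE_LOGS = """\
2012-02-01T05:20:01 sshd[1]: Failed password for root from 203.0.113.5 port 40001 ssh2
2012-02-01T05:20:05 sshd[1]: Failed password for root from 203.0.113.5 port 40002 ssh2
2012-02-01T05:20:09 sshd[1]: Failed password for root from 203.0.113.5 port 40003 ssh2
2012-02-01T05:20:12 sshd[1]: Accepted password for root from 203.0.113.5 port 40004 ssh2
2012-02-01T05:21:00 sshd[1]: Failed password for alice from 198.51.100.7 port 50001 ssh2
2012-02-01T05:25:00 sshd[1]: Accepted password for alice from 198.51.100.7 port 50002 ssh2
"""

LINE_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")

def parse(lines):
    """Normalise raw lines into (timestamp, outcome, user, source) tuples; skip non-matching lines."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, src

def correlate(lines, threshold=3, window=timedelta(minutes=2)):
    """Correlation rule: at least `threshold` failures from one source within `window`,
    followed by a success from the same source, produces one alert."""
    failures = defaultdict(list)   # source address -> timestamps of recent failures
    alerts = []
    for ts, outcome, user, src in parse(lines):
        if outcome == "Failed":
            failures[src].append(ts)
            failures[src] = [t for t in failures[src] if ts - t <= window]  # drop stale entries
        else:  # Accepted
            recent = [t for t in failures[src] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": user, "failures": len(recent), "at": ts.isoformat()})
            failures[src].clear()  # a success closes the window for that source
    return alerts

def open_ticket(alert, queue):
    """Hypothetical ticketing hook: a real SIEM would call the ticketing tool's API here."""
    ticket = {"id": len(queue) + 1,
              "title": f"Possible brute-force success from {alert['src']} as {alert['user']}",
              "alert": alert}
    queue.append(ticket)
    return ticket
```

Tuning `threshold` and `window` is the "tweak the tool as per your requirements" step: too loose and the rule pages the SOC on ordinary typos, too tight and a slow, patient attempt never correlates.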
