SoC Challenge 2


REPORT: SOC CHALLENGE 2

Hansaka Costa – TP048451

APRIL 30, 2022


MR. UMAPATHY EAGANATHAN
SoC, Asia Pacific University
Contents
SoC Challenge 2
1. SIEM & How It Works
1.1 Log Management
1.2 Event Correlation & Analytics
1.3 Incident Monitoring & Security Alerts
1.4 Compliance Management & Reporting
2. One Example of SIEM & Compatible Platform
2.1 Platform
3. Can MSSGARD be Considered as NextGen SIEM? Why?
References

1. SIEM & How It Works

SIEM is a part of an IT infrastructure's security ecosystem. It combines SIM (Security
Information Management) and SEM (Security Event Management) to form SIEM (Security
Information and Event Management). It offers real-time alerts based on events and on the
analysis of such events. Furthermore, it logs security data for compliance and auditing purposes.

All SIEMs collect and aggregate data from different systems and networks, then consolidate
and sort that data to identify threats. Different SIEMs provide different capabilities; however,
they all share basic functions such as:

1.1 Log Management

SIEM collects event data from a variety of sources within an organization's network. Logs and
flow data from users, applications, assets, cloud environments, and networks are gathered,
stored, and analyzed in real time, allowing IT and security teams to centrally manage their
network's event log and network flow data.

Some SIEM solutions additionally connect to third-party threat intelligence feeds, allowing
them to compare their internal security data against previously identified threat signatures and
profiles. By integrating real-time threat feeds, teams can identify, and where possible block, new
kinds of attack signatures.

1.2 Event Correlation & Analytics

Event correlation is an essential component of any SIEM system. By applying sophisticated
analytics to identify and analyze complex data patterns, event correlation gives the insight needed
to swiftly find and mitigate possible risks to enterprise security. SIEM systems reduce IT security
teams' mean time to detect (MTTD) and mean time to respond (MTTR) by offloading the
manual operations involved in in-depth security event analysis.

1.3 Incident Monitoring & Security Alerts

SIEM systems can identify all entities in the IT environment because they provide centralized
visibility over on-premise and cloud-based infrastructure. SIEM technology can then monitor for
security incidents across all connected people, devices, and applications, identifying suspicious
activity as it occurs in the network. Administrators can be alerted promptly through
customizable, predefined correlation rules and take the necessary action to contain the
situation before it escalates into a more serious security risk.

1.4 Compliance Management & Reporting

SIEM solutions are a popular choice for businesses that must comply with a variety of
regulations. Because it automates data collection and analysis, SIEM is a powerful tool for
gathering and validating compliance data across the whole corporate infrastructure. SIEM
systems can create real-time compliance reports for PCI-DSS, GDPR, HIPAA, SOX, and other
compliance requirements, easing security management and identifying any breaches early.
Many SIEM solutions provide pre-built add-ons that generate the reports needed to fulfill
compliance requirements right out of the box.

(Petters, 2020) (What is SIEM and how does it work?, 2021)
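As an added illustration (this is not code from the report or from any SIEM product), the following Python script sketches the pipeline described in sections 1.1 to 1.3: it normalizes log lines from two different sources into one event stream (log management), matches events against a threat-intelligence list and applies a correlation rule (event correlation), and emits alerts for an analyst (incident monitoring). The log lines, the threat feed, the `sshd` and Windows CSV formats and the rule thresholds are all constructed for this example.

```python
"""Added example: a minimal SIEM-style collect -> correlate -> alert pipeline.
Not the report's own code; all sample data below is constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One normalized authentication event, whatever source produced it."""
    ts: datetime
    source: str   # which log source the event came from
    user: str
    src_ip: str
    outcome: str  # "failure" or "success"


# Constructed sample data: a Linux sshd auth log ...
SYSLOG_LINES = [
    "2022-04-30T10:00:01 sshd[1001]: Failed password for admin from 203.0.113.5 port 50000 ssh2",
    "2022-04-30T10:00:07 sshd[1001]: Failed password for admin from 203.0.113.5 port 50001 ssh2",
    "2022-04-30T10:00:15 sshd[1001]: Failed password for admin from 203.0.113.5 port 50002 ssh2",
    "2022-04-30T10:00:40 sshd[1001]: Accepted password for admin from 203.0.113.5 port 50003 ssh2",
    "2022-04-30T10:05:00 sshd[1002]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
]
# ... and a constructed Windows-style CSV export: timestamp,event_id,user,source_ip
# (4625 = failed logon, 4624 = successful logon).
WINDOWS_CSV = [
    "2022-04-30T10:01:00,4625,alice,192.0.2.20",
    "2022-04-30T10:01:30,4624,alice,192.0.2.20",
    "2022-04-30T10:02:00,4624,svc_backup,203.0.113.77",
]
# Constructed stand-in for a third-party threat-intelligence feed of known-bad IPs.
THREAT_FEED = {"203.0.113.77"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_syslog(lines):
    """Normalize sshd lines; lines that match no parser are skipped."""
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        outcome = "failure" if m["result"] == "Failed" else "success"
        yield Event(datetime.fromisoformat(m["ts"]), "sshd", m["user"], m["ip"], outcome)


def parse_windows_csv(lines):
    """Normalize the CSV export; only logon success/failure event IDs are kept."""
    for line in lines:
        ts, event_id, user, ip = line.split(",")
        outcome = {"4625": "failure", "4624": "success"}.get(event_id)
        if outcome is None:
            continue
        yield Event(datetime.fromisoformat(ts), "windows", user, ip, outcome)


def collect():
    """Log management step: aggregate every source into one time-ordered stream."""
    events = list(parse_syslog(SYSLOG_LINES)) + list(parse_windows_csv(WINDOWS_CSV))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Event correlation step; returns a list of alert strings.

    Rule 1: at least `threshold` failures from one source IP followed by a
            success from that IP within `window` (password guessing that worked).
    Rule 2: any event whose source IP appears on the threat feed.
    """
    alerts = []
    failures = {}  # src_ip -> timestamps of failures not yet followed by a success
    for e in events:
        if e.src_ip in THREAT_FEED:
            alerts.append(f"THREAT_INTEL_MATCH src_ip={e.src_ip} user={e.user} source={e.source}")
        if e.outcome == "failure":
            failures.setdefault(e.src_ip, []).append(e.ts)
        elif e.outcome == "success":
            recent = [t for t in failures.get(e.src_ip, []) if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append(f"BRUTE_FORCE_SUCCESS src_ip={e.src_ip} user={e.user} failures={len(recent)}")
            failures.pop(e.src_ip, None)  # a success closes the failure sequence
    return alerts


if __name__ == "__main__":
    for alert in correlate(collect()):
        print(alert)
```

Run as a script it prints two alerts: the admin logon from 203.0.113.5 fires the brute-force rule because three failures precede the success inside the five-minute window, and the svc_backup logon fires the threat-intelligence match. Alice's single failure followed by a success stays below the threshold, which is the kind of tuning decision (threshold and window) that separates a useful correlation rule from a noisy one.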

2. One Example of SIEM & Compatible Platform

Splunk Cloud Platform™

2.1 Platform

Splunk Cloud Platform™ runs on a cloud platform as "Splunk as a service", in the same way as
cloud SaaS (Software as a Service). It can scale in a matter of days, because the service
involves specialists directly from Splunk who manage scaling according to the customer's
analytics needs. As a SaaS cloud-computing platform, it lets customers opt to integrate other
specialist tools into their software plan, such as the machine-learning-focused threat hunting
provided by Splunk.

Figure 1: Splunk Cloud Platform™ (Mensing, 2021)

3. Can MSSGARD be Considered as NextGen SIEM? Why?

Figure 2: Difference between traditional SIEMs and NextGen SIEMs (Cesmng, 2021).

Traditional SIEMs log, analyse and monitor incidents and provide security alerts, with the
ability to generate reports.

However, NextGen SIEMs do more than traditional SIEMs, adding threat detection, anomaly
detection, incident response and compliance. As MSSGard performs all of the above-mentioned
operations, it can be considered a NextGen SIEM.

(Cesmng, 2021)

References

Cesmng. (2021, July 12). What is the difference between SIEM and Next-Generation SIEM.
Retrieved from UTMStack: https://utmstack.com/what-is-the-difference-between-siem-and-next-gen-siem/#:~:text=Threat%20Detection,-Threat%20detection%20is&text=Anomaly%20detection%20helps%20to%20identify,predict%20threats%20and%20attacks%20attempts.

Mensing, A. (2021, April 8). What's New in Splunk Cloud Platform. Retrieved from Splunk:
https://www.splunk.com/en_us/blog/platform/what-new-in-splunk-cloud-platform.html

Petters, J. (2020, June 15). What is SIEM? A Beginner's Guide. Retrieved from Varonis:
https://www.varonis.com/blog/what-is-siem

What is SIEM and how does it work? (2021, March 10). Retrieved from FireEye:
https://www.fireeye.com/products/helix/what-is-siem-and-how-does-it-work.html
