SIEM or Security Information and Event Management is a technology platform that can detect security events, all while logging information for real-time or historical analysis.
Here’s an example. Someone is copying thousands of files from your server. A SIEM could:
Think of a SIEM as a courier vehicle: it drives around your network collecting audit log data from a variety of equipment including, but not limited to, your firewall, switches, wireless access points, servers, workstations, antivirus, EDR, and so on. It will even collect and monitor all traffic on your network.
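To make the file-copy scenario above concrete, here is an added example (not code from the original page or from Perch) of the kind of correlation rule a SIEM runs over the audit logs it collects. It assumes a hypothetical file-server log format (timestamp, host, user, action, path), constructs its own sample log inline, and raises one alert per user/host that reads an unusual number of distinct files inside a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Hypothetical log format for the example (not any vendor's real format):
#   <ISO 8601 timestamp> <host> user=<name> action=<verb> path=<file>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    # fromisoformat() does not accept a trailing "Z" on older Pythons, so normalise it.
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event


def detect_mass_file_access(lines, threshold=1000, window=timedelta(minutes=5)):
    """Sliding-window rule: alert once per (user, host) when that user has read
    at least `threshold` distinct files within any `window`-long period."""
    events = [e for e in map(parse_line, lines) if e and e["action"] == "read"]
    events.sort(key=lambda e: e["ts"])  # correlation assumes time order
    recent = defaultdict(deque)  # (user, host) -> deque of (timestamp, path)
    alerted = set()
    alerts = []
    for e in events:
        key = (e["user"], e["host"])
        q = recent[key]
        q.append((e["ts"], e["path"]))
        # Drop reads that have fallen out of the window.
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "user": e["user"],
                "host": e["host"],
                "count": len(distinct),
                "first_seen": q[0][0].isoformat(),
                "last_seen": e["ts"].isoformat(),
            })
    return alerts


def build_sample_log():
    """Constructed sample log: a normal user, a bulk reader, a write, and a junk line."""
    base = datetime(2024, 5, 1, 9, 0, 0, tzinfo=timezone.utc)
    fmt = lambda t: t.isoformat().replace("+00:00", "Z")
    lines = []
    # alice: five files over four minutes (normal activity)
    for i in range(5):
        lines.append(f"{fmt(base + timedelta(minutes=i))} fileserver01 "
                     f"user=alice action=read path=/share/hr/doc{i}.docx")
    # mallory: 1200 distinct files in two minutes (bulk copy pattern)
    for i in range(1200):
        lines.append(f"{fmt(base + timedelta(seconds=i * 0.1))} fileserver01 "
                     f"user=mallory action=read path=/share/finance/f{i}.xlsx")
    # a write, which the rule ignores, and a malformed line the parser rejects
    lines.append(f"{fmt(base)} fileserver01 user=alice action=write path=/share/hr/new.docx")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for alert in detect_mass_file_access(build_sample_log()):
        print(alert)
```

The threshold and window are the tunable parts of the rule: too low and ordinary backups or indexers will fire it, too high and a slow exfiltration slips under it. A real SIEM would also enrich the alert with the asset owner and the sensitivity of the share before handing it to the SOC.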
A SOC, or Security Operations Center, is a team of information security engineers who monitor and analyze system events on an ongoing basis.
If the SIEM is the vehicle, the SOC is the driver. The typical SOC is a centrally managed team of security engineers focused on monitoring specific systems for suspicious activity and often intervening before attacks become significantly damaging.
A SOC will have engineers from a variety of security-related fields. In addition to security engineers, you might also have leaders who focus on impact, communications, and project/incident management. The SIEM is at the center of the SOC, as the SIEM provides the SOC with the pieces of information they need to take action.
The SOC will follow specific protocols such as monitoring coverage times and standards, steps to be taken in the event of an incident, responses to third parties including potentially law enforcement agencies or attorneys, and others.
Co-managed threat detection and response, backed by our in-house Security Operations Center (SOC), Perch can launch your cybersecurity program, or add depth to the visibility you already have.
Built from the ground up with multi-tenancy, Perch makes managing all of your customers a breeze. And it’s transparent – you can see everything that we see, all the way to the detailed Indicators of Compromise (IoCs) and our analysis.
Our team of threat analysts does all the tedium for you, while you collect all the accolades from your clients. If you prefer to analyze threat indicators yourself, just click Perchybana and dive in. Optional service level agreements guarantee a fast analysis turnaround.
Dynamic domain blocking for your favorite firewalls, plus fresh integrations like Cisco AMP for Endpoints, Carbon Black, SentinelOne, Umbrella, and Duo, fuel a simplified workflow.
Defend your company against business email compromise (BEC), account takeovers, and have visibility beyond your network traffic. Make your Microsoft 365 & G Suite logs searchable, parsable, cleaner, and reportable. Build alerts that suit your needs to get notified in real-time, then investigate the impact through Perchybana.
Cover your environment with the best threat intel on the market. Perch ingests and automates the most popular threat intelligence feeds – you can select which ones through our platform. No more noise for you: only identified threat activity from our SOC.
Perch sensors can be set up over a coffee break. You can install them yourself – or our team can perform the installation. Our team is standing by to assist if you have any questions or difficulties.