{"id":7037,"date":"2021-06-23T12:43:59","date_gmt":"2021-06-23T10:43:59","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=7037"},"modified":"2021-06-23T12:44:00","modified_gmt":"2021-06-23T10:44:00","slug":"the-differences-between-soar-and-siem","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/the-differences-between-soar-and-siem\/","title":{"rendered":"The differences between SOAR and SIEM"},"content":{"rendered":"<h2 class=\"wp-block-heading\"><strong>When it comes to the SOAR vs. SIEM debate, it&#8217;s important to understand their fundamental differences to get the most benefit from your security data.<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/froehlich_andrew.jpg\" alt=\"Andrew Froehlich\"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Andrew-Froehlich\">Andrew Froehlich<\/a><\/p>\n\n\n\n<p>It&#8217;s not easy to understand the key differences when looking at SOAR vs. SIEM, because they have many components in common. Security information and event management, or SIEM, tools are a way to centrally collect pertinent log and event data from various security, network, server, application and database sources. <\/p>\n\n\n\n<p>Common examples of sources include firewalls, intrusion prevention systems, antivirus and\u00a0antimalware software,\u00a0data loss prevention\u00a0tools and secure web content\u00a0gateways.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The aggregated data is then analyzed by the SIEM in real time to spot potential security issues. 
Because multiple data sources are analyzed, the\u00a0SIEM identifies threats\u00a0by correlating information from more than one source. The SIEM then intelligently ranks the events in order of criticality.<\/p><\/blockquote>\n\n\n\n<p>Security administrators are commonly tasked with sifting through the various events to\u00a0track down and remediate the source of the potential threat\u00a0or simply acknowledge it and tune the analysis engine to mark the event as a benign occurrence. Doing so helps the\u00a0SIEM\u00a0software better learn what is considered a true threat versus an event that merely looks suspicious.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How SOAR and SIEM improve SecOps<\/strong><\/h3>\n\n\n\n<p>While SIEM tools have been around for years,\u00a0Security Orchestration, Automation and Response\u00a0(SOAR) is the new kid on the block. When looking at SOAR vs. SIEM, both aggregate security data from various sources, but the locations and quantity of information being sourced are different. 
While SIEM will ingest various\u00a0log and event data\u00a0from traditional infrastructure component sources, a\u00a0SOAR takes in all that and more.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"What is SIEM (Security Information and Event Management)?\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/IeN-wjHetfA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>For example, SOAR will pull in information from external emerging threat intelligence feeds, endpoint security software and other third-party sources to get a better overall picture of the security landscape inside the network and out. SOAR takes analytics to a different level by creating defined investigation paths to follow based on an alert.<\/p>\n\n\n\n<p>Again, when comparing\u00a0SOAR vs. SIEM, SIEM will only provide the alert. After that, it&#8217;s up to the administrator to determine the path of an investigation. A SOAR that automates investigation path workflows can significantly cut down on the amount of time required to handle alerts. It also provides lessons about the security admin skill set required to complete an investigation path. <\/p>\n\n\n\n<p>Ultimately, a properly implemented SOAR can make your cybersecurity team more efficient.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to the SOAR vs. 
SIEM debate, it&#8217;s important to understand their fundamental differences to get the most benefit from your security data. By Andrew Froehlich It&#8217;s not easy to understand the key differences when looking at SOAR vs. SIEM, because they have many components in common. Security information and event management, or SIEM, tools are a way<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/the-differences-between-soar-and-siem\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,30,3,272,9,224,238],"tags":[],"class_list":["post-7037","post","type-post","status-publish","format-standard","hentry","category-datacenter-news","category-expert-advise-and-opinion","category-industry-news-and-expert-advise","category-siem-log-management-and-big-data-security-analytics","category-tech-definitions","category-technical-explanations","category-timeless-articles"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=7037"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7037\/revisions"}],"predecessor-version":[{"id":7038,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/7037\/revisions\/7038"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=7037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categor
ies?post=7037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=7037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}