Define the concepts of SIEM, SOAR, XDR


Protecting an organization’s estate, resources, assets, and data from security breaches and attacks is an ongoing and escalating challenge. Recently, the business world changed almost overnight as large numbers of staff switched to remote working, creating an exploitable window for cybercriminals. IT departments rushed to patch and harden their staff’s devices and to secure their access to company assets and resources.

Cybercriminals often escalate their activity in times of national or global crisis, looking to exploit the situation and find a way into your organization. A resilient, robust, industry-standard set of tools helps prevent such intrusions and limit the damage when one succeeds. Security information and event management (SIEM), security orchestration, automation, and response (SOAR), and extended detection and response (XDR) provide the security insight and security automation that strengthen an organization's network security perimeter and the defenses behind it.

Here, you’ll gain a general understanding of the Azure tools that support SIEM, SOAR, and XDR in protecting your network's security perimeter.

What is security information and event management (SIEM)?

A SIEM system collects log and event data from across the whole estate, including infrastructure, applications, identities, and cloud resources. It normalizes and stores that data, analyzes it for correlations and anomalies (for example, a burst of failed sign-ins followed by a success from the same address), and generates alerts and incidents for analysts to investigate.

What is security orchestration, automation, and response (SOAR)?

A SOAR system takes alerts from many sources, such as a SIEM system, and triggers automated workflows (often called playbooks) that run security tasks to contain and remediate the issue, such as disabling a compromised account, blocking a malicious IP address, or opening and enriching a ticket for an analyst. Automating these repeatable steps shortens response time and frees analysts for the cases that need human judgment.

What is extended detection and response (XDR)?

An XDR system is designed to deliver intelligent, automated, and integrated security across an organization’s domain. It correlates signals from identities, endpoints, applications, email, IoT devices, infrastructure, and cloud platforms, so that a single incident can show the full chain of an attack rather than one isolated alert per product, and it helps prevent, detect, and respond to threats across all of those domains.
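The three definitions above describe a pipeline: a SIEM correlates raw events into alerts, an XDR layer links those alerts to activity in other domains, and SOAR acts on the result. The following block is an added example, not code from the original page or from any Microsoft product: a toy SIEM correlation rule (five failed sign-ins then a success from the same user and address within ten minutes), an XDR-style step that attaches endpoint activity by the same user to the alert, and a SOAR-style playbook that maps the alert to automated actions. The log lines, thresholds, action names, and the `brute_force_then_success` rule name are all constructed for illustration.

```python
"""Toy SIEM correlation, XDR-style cross-domain enrichment and SOAR playbook
over constructed log lines. Added illustration; not a product's real engine."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample events (not real logs): identity sign-ins plus one endpoint event.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01Z identity user=alice src=203.0.113.7 result=FAIL",
    "2024-03-01T09:00:04Z identity user=alice src=203.0.113.7 result=FAIL",
    "2024-03-01T09:00:09Z identity user=alice src=203.0.113.7 result=FAIL",
    "2024-03-01T09:00:15Z identity user=alice src=203.0.113.7 result=FAIL",
    "2024-03-01T09:00:20Z identity user=alice src=203.0.113.7 result=FAIL",
    "2024-03-01T09:00:31Z identity user=alice src=203.0.113.7 result=SUCCESS",
    "2024-03-01T09:05:00Z identity user=bob src=198.51.100.4 result=FAIL",
    "2024-03-01T09:05:30Z identity user=bob src=198.51.100.4 result=SUCCESS",
    "2024-03-01T09:07:12Z endpoint host=LAPTOP-42 user=alice event=new_service name=updater.exe",
]


@dataclass
class Event:
    ts: datetime
    source: str   # which domain produced the event: identity, endpoint, ...
    fields: dict  # key=value pairs from the log line


@dataclass
class Alert:
    rule: str
    severity: str
    entities: dict
    evidence: list = field(default_factory=list)  # timestamps that fired the rule


def parse_event(line: str) -> Event:
    """SIEM ingestion/normalization: one 'timestamp source k=v ...' line -> Event."""
    ts, source, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, fields)


def brute_force_rule(events, threshold=5, window=timedelta(minutes=10)):
    """SIEM correlation rule: >= threshold failed sign-ins for one (user, src)
    followed by a successful sign-in within `window` raises a high-severity alert."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.source != "identity":
            continue
        key = (ev.fields["user"], ev.fields["src"])
        if ev.fields["result"] == "FAIL":
            failures[key].append(ev.ts)
            continue
        recent = [t for t in failures[key] if ev.ts - t <= window]
        if len(recent) >= threshold:
            alerts.append(Alert("brute_force_then_success", "high",
                                {"user": key[0], "src": key[1]}, recent + [ev.ts]))
        failures[key].clear()  # a success resets the counter for that user/source
    return alerts


def build_incidents(alerts, events, lookahead=timedelta(minutes=30)):
    """XDR-style step: attach endpoint activity by the same user shortly after the
    suspicious sign-in, so one incident spans the identity and endpoint domains."""
    incidents = []
    for alert in alerts:
        last = max(alert.evidence)
        hosts = sorted({ev.fields["host"] for ev in events
                        if ev.source == "endpoint"
                        and ev.fields.get("user") == alert.entities["user"]
                        and last <= ev.ts <= last + lookahead})
        incidents.append({"alert": alert.rule, "user": alert.entities["user"],
                          "src": alert.entities["src"], "hosts": hosts,
                          "severity": "critical" if hosts else alert.severity})
    return incidents


# SOAR playbook table (constructed): alert rule -> ordered automated actions.
PLAYBOOKS = {"brute_force_then_success": ["disable_user", "block_ip", "open_ticket"]}


def run_playbook(alert, actions_log):
    """SOAR step: record the actions a playbook would execute for this alert.
    A real playbook would call the identity provider, firewall and ticketing APIs."""
    for action in PLAYBOOKS.get(alert.rule, ["open_ticket"]):
        actions_log.append((action, alert.entities))
    return actions_log


def analyse(lines=SAMPLE_LOGS):
    """Run the whole pipeline: ingest -> correlate -> enrich -> respond."""
    events = [parse_event(line) for line in lines]
    alerts = brute_force_rule(events)
    incidents = build_incidents(alerts, events)
    actions = []
    for alert in alerts:
        run_playbook(alert, actions)
    return incidents, actions


if __name__ == "__main__":
    incs, acts = analyse()
    for inc in incs:
        print("incident:", inc)
    for act in acts:
        print("action:", act)
```

Run on the constructed logs, the rule fires once (alice: five failures then a success, bob: a single failure then a success does not meet the threshold), the incident is escalated to critical because a new service appeared on LAPTOP-42 under alice's account minutes later, and the playbook queues disabling the account, blocking 203.0.113.7, and opening a ticket. Tuning the threshold and window is the usual trade-off between missed attacks and alert fatigue.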

To provide a comprehensive security perimeter, an organization needs a solution that combines, or integrates with, all three of these systems: SIEM for visibility and correlation across the whole estate, XDR for detection and response that spans identities, endpoints, and cloud workloads, and SOAR for automated, consistent response to what they find.