It is possible to quickly respond to threats

ashamoni56776
Posts: 6
Joined: Wed Feb 28, 2024 10:19 am

Post by ashamoni56776 »

Microsoft Sentinel's role is defined as a "scalable, cloud-native security information event management (SIEM) and security orchestration automated response (SOAR) solution."

・SIEM: Abbreviation for Security Information and Event Management. Refers to responding to "targeted attacks." A targeted attack is a systematic cyber attack that is sustained and carried out over a long period of time, targeting specific companies, government offices, or individuals. It is difficult to detect just by looking at the individual alerts of security products, and even if an attacker is detected, they repeat attacks persistently.

・SOAR: Abbreviation for Security Orchestration and Automation Response. This refers to automating the analysis and response that security administrators perform in response to SIEM. SOAR also has the role of smoothly supporting the collaboration of various technologies, so it has been attracting attention in recent years as a solution to compensate for the shortage of IT human resources.

SIEM collects and analyzes the "logs" of security devices and software, creates a list of communications and behavior, and supports everything from detection to analysis of dangerous access. On the other hand, SOAR can automate security management and supports everything from detecting cyber attacks to analysis and countermeasures.