Enterprises use a wide and growing variety of cloud solutions. Cloud platforms, systems, software, and data need to be protected from threats and attacks. Likely, a company will also have a variety of security solutions. To create one integrated view of the security of the entire IT environment, companies will have to implement security tooling that enables this single point of view. In this chapter, we looked at SIEM and SOAR systems, tools that can collect data from many different sources and analyze it against security baselines. Ideally, these tools will also trigger automated responses to threats, after calculating the risks and the business impact.
The functionality and differences between SIEM and SOAR have been explained. After reading this chapter, you should have a good understanding of how these systems can integrate with cloud platforms.
In the last section of this chapter, leading SIEM and SOAR solutions were discussed. The chapter concludes this section...