Unpopular opinion: is Microsoft the security GOAT? SIEM vs SOAR: what's the difference?
Security weekly

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.
In this week's edition:
🤷♂️ SIEM vs SOAR: What’s the difference?
☹️ Unpopular opinion: is Microsoft the security GOAT?
❔ Disable User Explains:
🔥 the quick and dirty
Reading time: 03:42

SIEM vs SOAR: what’s the difference?
Just when I thought the term SIEM was on the rise - with a lot of vendors coming out with their own take on what a SIEM should be - there’s a new sheriff in town: SOAR.
No clue what I’m talking about? No worries, neither do I most of the time.
But in this case I put on my research-hat, bothered some people, read some articles, took a nap and then typed this quick comparison between the two.

So, what’s a SIEM?
Security Information and Event Management system
Once a business starts investing in cyber security defenses, numerous products will start generating logs and alerts.
It’s important to know which information you want to see first, later or not at all.
If you have no system helping you, it’s hard for anyone to stay up-to-date and get the relevant information.
So basically, a SIEM is a tool that combines logs from different sources, making them readable and actionable.
So, what about a SOAR then?
Security Orchestration, Automation and Response system

My brain every time I read the word “orchestration”
Even with a SIEM doing most of the work, security princesses analysts still found it too much to deal with.
So they built a tool to further automate their work, and called it SOAR.
So, for example:
The SIEM generates an alert saying a user has just logged in from Egypt, while it was logged in from Washington a few minutes ago.
This alert would be generated by the SIEM. The SOAR then gathers all similar information from the sources it knows, so it can provide the analyst with a total overview.
In the meanwhile the SOAR blocks the user, as this action is ‘impossible’.
Giving the analyst time to .. analyze.
Why they couldn’t just build this into the SIEM and use the same acronym, I don’t know.
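To make the SIEM/SOAR split concrete, here is an added example (my own illustration, not code from any vendor product) with constructed sign-in events: the SIEM-style function correlates each user's consecutive sign-ins and raises an "impossible travel" alert when the implied speed is beyond anything physical, and the SOAR-style playbook enriches that alert and contains the account. The `block_user` hook is a hypothetical stand-in for whatever identity provider call your environment exposes.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in events (invented for this example, not real telemetry).
SIGNINS = [
    {"user": "alice", "ts": "2023-03-08T14:00:00", "city": "Washington", "lat": 38.9, "lon": -77.0},
    {"user": "alice", "ts": "2023-03-08T14:07:00", "city": "Cairo", "lat": 30.0, "lon": 31.2},
    {"user": "bob", "ts": "2023-03-08T14:00:00", "city": "Washington", "lat": 38.9, "lon": -77.0},
    {"user": "bob", "ts": "2023-03-08T20:00:00", "city": "New York", "lat": 40.7, "lon": -74.0},
]

MAX_KMH = 1000.0  # faster than any airliner: travel at this speed is "impossible"


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def siem_impossible_travel(events):
    """SIEM side: correlate each user's consecutive sign-ins and alert when the
    implied speed between the two locations exceeds MAX_KMH."""
    alerts, last_seen = [], {}
    for e in sorted(events, key=lambda x: x["ts"]):  # ISO timestamps sort as strings
        prev = last_seen.get(e["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            delta = datetime.fromisoformat(e["ts"]) - datetime.fromisoformat(prev["ts"])
            hours = delta.total_seconds() / 3600
            # Same-second sign-ins: only impossible if the location actually changed.
            kmh = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if kmh > MAX_KMH:
                alerts.append({"user": e["user"], "from": prev["city"], "to": e["city"], "kmh": round(kmh)})
        last_seen[e["user"]] = e
    return alerts


def soar_playbook(alert, events, block_user):
    """SOAR side: enrich the alert with everything known about the user and
    contain by blocking the account, so the analyst starts from a full picture."""
    related = [e for e in events if e["user"] == alert["user"]]
    block_user(alert["user"])  # hypothetical hook into the identity provider
    return {"alert": alert, "related_signins": related, "action": "user_blocked"}


if __name__ == "__main__":
    blocked = []
    for alert in siem_impossible_travel(SIGNINS):
        print(soar_playbook(alert, SIGNINS, blocked.append))
```

With the sample data only alice trips the rule (Washington to Cairo in seven minutes); bob's six-hour trip to New York stays well under the threshold.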


Unpopular opinion: is Microsoft the security GOAT?
For some reason it’s very trendy to bash Microsoft.

I mean I get it:
It’s hip and trendy to be seen using Apple products
It’s cool and warrants status if you say you’re running Linux
Nobody ever got accepted into the cool kid gang by saying they own a Windows 11 device.
And Microsoft’s founders aren’t really helping either...

The Windows ‘95 launch really brought out Bill’s enthusiasm
But let’s face it.
Windows is the undisputed number one operating system being used in businesses.
Microsoft 365 is a top 3 collaboration and productivity cloud platform.
Microsoft Azure is a top 3 cloud hosting platform.
So the chances you’re using something Microsoft in your organization are pretty high.
And if you are, it makes sense to use their security products as well.
Who else is better at protecting their own, right?
Of course there are loads of options within the Microsoft security portfolio, and not all of them are as good as each other.
So here’s a list of the winners and losers, rated by ya boy:
Winner: Microsoft Conditional Access - man I love this product. MFA on steroids. Easy to use, with a wide range of options.
Loser: Microsoft Purview (I keep typing Purrview, sounds way cuter) Information Protection - In the category ‘sounds good, doesn’t work’ I present to you: Information Protection. Although it’s gotten better over the years, it’s still a hassle. And the user adoption is very low - but that’s not really MS’ fault.
Winner: Microsoft Intune & Autopilot - Not really a security product per se, but still a very good endpoint management tool. Sometimes a little rough around the edges, but I like working with it.
Winner: Microsoft Defender for Cloud - A lot of other vendors have caught up and released similar products. But this was, and still is, a very good tool for preventing phishing.
Winner: Microsoft Defender for Cloud Apps - Access management for the big boys. Comes with a cost, but amazing insights and very actionable.
Winner: Microsoft Defender for Endpoint - Please don’t think the free version is enough. Upgrade and gain insights. And the more Defender products you have, the better the insights and remediation.
Loser: The Microsoft naming department - Choose a name and stick with it. And find something better than naming everything ‘Defender for’.

Here’s a cool thread on Microsoft security in action:
As a recent investigation shows, business email compromise (BEC) attacks move fast—from signing in with compromised credentials & registering domains to setting inbox rules & hijacking a thread—highlighting the need to quickly detect and disrupt malicious actions leading to BEC. https://
— Microsoft Security Intelligence (@MsftSecIntel)
5:09 PM • Mar 8, 2023

Disable User Explains: Orchestration (IT)
The automation of many related tasks.
For example, automating user creation from start to finish:
creating a user with the required access
assigning licenses
spinning up a device and installing it
creating an HR entry
…


The quick and dirty
Apple releases new yellow iPhone 14 and 14 Plus - who asked for this? Send me an email, I’m worried.
Emotet malware attacks return after three-month break - even hackers need a vacay every now and then
Acer confirms breach after 160GB of data for sale on hacking forum - I guess their 10 customers will be bummed out.
Meme of the week

