When building a Security Operations Center (SOC), is a SIEM enough?
Is this a philosophical question? 😉
MITRE: Ten Strategies of a World-Class Cybersecurity Operations Center
In a word: no.
Of course you will need people to look at the event streams and make sense of them. This is true regardless of the amount of automation you build into the SIEM/SOAR system. You should also look at EDR/XDR solutions. SIEM tends to be a lagging indicator. EDR can potentially stop things before they create an incident. This is a really loaded question.
It's a good start, but you will also need security analysts, automation, processes to follow, etc.
This is a somewhat strange question in my opinion. It depends! If your SIEM covers every possible threat vector for your organization then I guess it would be ok. In real life, it's highly unlikely that this would be the case though. You would probably need elements of SOAR, EDR etc. too. I might be wrong.
In one word, nope! A SIEM is a robust tool to fetch logs, correlate and analyze them, and use the built-in AI to show you its calculated output. However, the first thing to do when you procure a SIEM is to understand your business and identify your threat landscape. You are going to need many use cases catered to your organization. While building the use cases, you might come up with the need for many tools whose logs are needed in the SIEM to make it something useful.
Short answer would be no. SIEM is a great start, but not enough. For a more mature SOC you would want to incorporate more tools and data sources to enhance detection and analytic capabilities.
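To make the "use cases" mentioned above concrete, here is an added example (not from any poster in this thread, and not the logic of any particular SIEM product) of what one detection use case looks like once it is written down as correlation logic: a sliding-window rule that fires when a source address produces a burst of failed logins and then a successful one. The log format, the field names (host, user, src, result), the thresholds and the sample lines are all constructed for this example; a real deployment would feed the rule from whatever authentication source the organization actually has, and the same skeleton is where a second data source such as EDR telemetry would be joined in.

```python
"""Toy SIEM-style correlation: one authentication use case run over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (hypothetical format; not from any real system).
# alice: 5 failures then a success within seconds  -> should alert
# bob:   1 failure then a success                  -> below threshold, no alert
# carol: 5 failures, success 30 minutes later      -> outside the window, no alert
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z auth host=vpn1 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:02Z auth host=vpn1 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:03Z auth host=vpn1 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:04Z auth host=vpn1 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:05Z auth host=vpn1 user=alice src=10.0.0.5 result=FAIL
2024-05-01T10:00:10Z auth host=vpn1 user=alice src=10.0.0.5 result=SUCCESS
2024-05-01T10:01:00Z auth host=vpn1 user=bob src=10.0.0.9 result=FAIL
2024-05-01T10:01:30Z auth host=vpn1 user=bob src=10.0.0.9 result=SUCCESS
2024-05-01T09:00:00Z auth host=vpn1 user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:00:01Z auth host=vpn1 user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:00:02Z auth host=vpn1 user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:00:03Z auth host=vpn1 user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:00:04Z auth host=vpn1 user=carol src=10.0.0.7 result=FAIL
2024-05-01T09:30:00Z auth host=vpn1 user=carol src=10.0.0.7 result=SUCCESS
"""

# Parser for the constructed format above (the "fetch logs" half of a SIEM).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_events(text):
    """Turn raw lines into sorted event dicts; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production pipeline would count these as parse failures
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    events.sort(key=lambda e: e["ts"])  # correlation assumes time order
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Use case: >= threshold FAILs from one src within `window`, then a SUCCESS.

    Returns one alert dict per match. Thresholds are illustrative; tune them
    against the organization's own baseline to keep the false-positive rate down.
    """
    recent_fails = defaultdict(deque)  # src -> timestamps of FAILs still in window
    alerts = []
    for ev in events:
        q = recent_fails[ev["src"]]
        # Slide the window: drop failures older than `window` relative to this event.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append(
                {
                    "rule": "brute_force_then_success",
                    "src": ev["src"],
                    "user": ev["user"],
                    "host": ev["host"],
                    "fail_count": len(q),
                    "success_ts": ev["ts"].isoformat(),
                }
            )
            q.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(parse_events(SAMPLE_LOGS)):
        print(alert)
```

The carol lines are the edge case worth noticing: the same five failures and a success, but half an hour apart, so the window logic suppresses the alert. Whether that is the right call is exactly the kind of per-organization tuning the answers above are pointing at, and it is also where the "lagging indicator" remark bites: by the time this rule fires, the successful login has already happened.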