The National Security Agency has partnered with the Australian Signals Directorate’s Australian Cyber Security Centre, also known as ACSC, and other international organizations to provide guidance for implementing SIEM, which is short for Security Information and Event Management, and SOAR, or Security Orchestration, Automation and Response.
New documents published Tuesday aim to define, identify potential challenges and share recommendations for implementing SIEM and SOAR tools.
What Are SIEM & SOAR?
SIEM and SOAR enable an organization to gain better visibility of its network. According to NSA, SIEM collects, aggregates and correlates log data to monitor cyber activity and identify threats. Meanwhile, SOAR analyzes data to automatically send out alerts as soon as it detects malicious cyber activity, accelerating mitigation and response.
SIEM and SOAR work hand-in-hand to secure networks and more rapidly detect cyber incidents.
The first document, titled Implementing SIEM and SOAR platforms: Executive guidance, said that adopting SIEM and SOAR as part of an organization’s cybersecurity strategy requires ongoing human intervention. Cyber personnel must ensure that they are applying the appropriate types, quantities, rules and filters for data ingested by the SIEM tool.
Meanwhile, the Implementing SIEM and SOAR platforms: Practitioner guidance reminds network defenders to carefully configure SOAR platforms based on their organization’s unique environment. Cyber professionals must determine which cyber incident responses must be automated and how these actions may affect products and services. Without properly configuring SOAR’s automated response, the cyber tool may misidentify regular user or system behavior, take automatic measures and disrupt service delivery.
Both publications also discuss different aspects of adopting SIEM and SOAR platforms, such as costs, use cases and best practices.
A third guidance, called Priority Logs for SIEM Ingestion: Practitioner Guidance, offers detailed recommendations of data logs that SIEM platforms must ingest to improve performance.
Related Articles
The Senate on Saturday voted 59-35 to confirm Sean Cairncross, a former Republican National Committee official, as the next national cyber director. With his confirmation, Cairncross succeeds Harry Coker as head of the White House Office of the National Cyber Director. In this capacity, he will serve as the principal adviser to the U.S. president on cybersecurity strategy and policy in relation to the coordination of information security and data protection; efforts to deter malicious cyber activity; and programs and policies meant to improve the U.S. cybersecurity posture, among others. In February, President Donald Trump nominated Cairncross to the role.
Edward Forst has been nominated by President Donald Trump as the next administrator of the General Services Administration, succeeding Robin Carnahan, who resigned in January after serving for nearly four years. The White House announced the nomination on Sunday. Who Is Edward Forst? Forst is a seasoned executive and investor with vast experience in the global financial services and real estate industries. He most recently served as chairman of London-based private equity firm Lion Capital for three years. He was also the CEO of Cushman & Wakefield from 2013 to 2015. He spent 17 years at Goldman Sachs serving various senior executive
The Senate voted on Thursday 53-44 to confirm Matthew Kozma as the new undersecretary of the Department of Homeland Security for intelligence and analysis. In his role, Kozma would manage the Office of Intelligence and Analysis, which detects and addresses domestic and international threats, cyber risks and evolving national security issues, Homeland Security Today reported. He will lead the intelligence efforts to ensure the sharing of threat information between federal, state and local agencies. Find out more about the challenges and opportunities of the agency at the Potomac Officers Club 2025 Homeland Security Summit on November 12. Get insights into