Summary: On Tuesday, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
Analyst Note: Cybersecurity teams need tools that give visibility into their organizations’ network traffic and endpoints. However, simply having the right tools doesn’t automatically offer insights into your security situation. SIEM and SOAR platforms give organizations the visibility necessary to enable efficient security operations and incident response, provided they are implemented and configured properly. This guidance is applicable to all organizations, whether they want to get the most out of currently deployed SIEM and SOAR tools or are seeking to implement these tools for the first time. WaterISAC encourages members to review this guidance and implement the recommended best practices as appropriate for your utility.
Original Source: https://www.cisa.gov/resources-tools/resources/guidance-siem-and-soar-implementation
Additional Reading:
- Implementing SIEM and SOAR platforms: Executive guidance
- Implementing SIEM and SOAR platforms: Practitioner guidance
- Priority logs for SIEM ingestion: Practitioner guidance
Related WaterISAC PIRs: 12