Organizations have been urged by U.S., Canadian, Australian, UK, and other countries' government agencies to fast-track the adoption of Security Information and Event Management and Security Orchestration, Automation and Response platforms that enable immediate cybersecurity event detection and response efforts, according to Infosecurity Magazine.
Included in the joint advisory were an executive guidance on SIEM and SOAR platform implementation, as well as a pair of practitioner guidance for SIEM and SOAR adoption and priority logging for SIEM ingestion. With the implementation of SIEM and SOAR platforms recognized to be an "intensive" process, organizations have been recommended to not only determine appropriate data types, quantities, and filters for SIEM ingestion but also establish a threat model configured to elicit a response only on actual cybersecurity events. The government agencies also called on critical services organizations to consider in-house SIEM and SOAR adoption, while those looking to outsource such platforms should ensure the availability of round-the-clock cyber incident monitoring and response services from their third-party providers.
Included in the joint advisory were an executive guidance on SIEM and SOAR platform implementation, as well as a pair of practitioner guidance for SIEM and SOAR adoption and priority logging for SIEM ingestion. With the implementation of SIEM and SOAR platforms recognized to be an "intensive" process, organizations have been recommended to not only determine appropriate data types, quantities, and filters for SIEM ingestion but also establish a threat model configured to elicit a response only on actual cybersecurity events. The government agencies also called on critical services organizations to consider in-house SIEM and SOAR adoption, while those looking to outsource such platforms should ensure the availability of round-the-clock cyber incident monitoring and response services from their third-party providers.
