NSA and partners publish SIEM and SOAR implementation guidance
On May 27, the National Security Agency (NSA) announced that it has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other agencies to release three publications providing guidance for cybersecurity executives and network defenders to consider when implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
SIEM solutions collect, aggregate, and correlate log data, enabling network defenders to monitor activity and uncover advanced cyber threats. SOAR platforms work hand-in-hand with SIEM tools, using the SIEM's data collection and analysis to deliver timely responses to detected malicious activity, especially in Zero Trust architectures.
Collectively, the publications define SIEM and SOAR platforms, outline potential challenges, provide recommendations for implementation, and highlight relevant benefits for executives and practitioners.
The first guidance, “Implementing SIEM and SOAR Platforms: Executive Guidance,” outlines the role, benefits, challenges, and best practices of SIEM/SOAR implementation. The companion guide, “Implementing SIEM and SOAR Platforms: Practitioners Guidance,” details how SIEM/SOAR can enhance an organization’s visibility, detection, and response, and outlines principles for procurement, establishment, and maintenance of the platforms.
The third guidance, “Priority Logs for SIEM Ingestion: Practitioner Guidance,” provides practitioners detailed technical guidance for specific categories of log sources, such as Endpoint Detection and Response tools, Windows/Linux operating systems, network devices, and Cloud deployments.
The publications are especially relevant for National Security Systems (NSS), the Department of Defense (DoD), and the Defense Industrial Base (DIB); the authoring agencies urge these cybersecurity executives, network owners, and practitioners to implement SIEM/SOAR platforms using the guidance provided to effectively detect and respond to possible intrusions.
Additional co-sealers for the ASD’s ACSC guides are the Cybersecurity and Infrastructure Security Agency (CISA); the Federal Bureau of Investigation (FBI); the Canadian Centre for Cyber Security (CCCS); the United Kingdom’s National Cyber Security Centre (NCSC-UK); New Zealand’s National Cyber Security Centre (NCSC-NZ); Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Computer Emergency Response Team (JPCERT); the Republic of Korea’s National Intelligence Service (NIS); the Czech Republic’s National Cyber and Information Security Agency (NUKIB); and Singapore’s Cyber Security Agency (CSA).
Read the full reports:
- Implementing SIEM and SOAR Platforms: Executive Guidance
- Implementing SIEM and SOAR Platforms: Practitioners Guidance
- Priority Logs for SIEM Ingestion: Practitioner Guidance
Source: NSA