CISA, in collaboration with international and U.S. partners such as the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), has published guidance for organizations looking to implement Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
This article focuses on the implementation of SIEM and SOAR platforms, providing guidance for executives.
Key points include:
- Value and Functionality: SIEM and SOAR platforms enhance an organization’s visibility into network activity, improve the detection of cybersecurity events, and automate incident responses.
- Challenges and Costs: Implementing these platforms requires skilled personnel and involves ongoing costs related to licensing, staffing, and training.
- Recommendations for Implementation:
  - Carefully consider whether to implement the platform in-house or outsource.
  - Be aware of potential hidden costs across different products.
  - Plan for ongoing implementation costs, particularly training.
  - Properly implement a SIEM before considering a SOAR.
  - Regularly test the performance of the platforms.
More information is available on the CISA website.