ACSC releases advice on implementing SIEM and SOAR platforms
The Australian Cyber Security Centre (ACSC) has published a series about implementing and prioritising Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms.
The ACSC says that implementing SIEM or SOAR platforms can greatly benefit organisations by collecting, centralising and analysing important data that would otherwise be extremely complex and scattered. The platforms also help organisations detect cybersecurity events and incidents and then prompt timely intervention through alerting and ensuring that incident responders have access to the data that records what happened.
The publications are designed to provide advice to executives and practitioners to help entities navigate decision-making around the procurement and implementation of these platforms.
Three publications have been announced:
- Implementing SIEM and SOAR platforms: Executive guidance defining SIEM and SOAR platforms, explaining their value and challenges, and providing high-level recommendations for implementing them. It is written for executives, but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.
- Implementing SIEM and SOAR platforms: Practitioner guidance providing high-level guidance for cybersecurity practitioners and describing how a SIEM/SOAR can enhance visibility, detection and response as well as principles for procurement, establishment and maintenance of those platforms.
- Priority logs for SIEM ingestion: Practitioner guidance providing practitioners with detailed logging guidance for specific categories of log sources, such as from Endpoint Detection and Response tools, Windows/Linux operating systems, network devices and cloud deployments.
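The centralisation and detection benefit described above, shown as an added example (not code from the ACSC publications): log lines from three of the source categories the guidance names (a Windows logon event, a Linux sshd auth message and a network firewall record) are normalised into one schema and a single correlation rule is run over the combined stream. The sample lines are constructed, and the simplified Windows line format, field names and threshold are assumptions for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    """Common schema every source is normalised into before analysis."""
    source: str            # log source category: windows, linux, firewall
    host: str              # host that recorded the event
    user: Optional[str]    # account involved, if the source reports one
    action: str            # "logon" or "connection"
    outcome: str           # "success" or "failure"
    src_ip: Optional[str]  # remote address the activity came from


# Constructed sample lines (not real captures), one format per source category.
# The Windows line is a simplified key=value rendering, an assumption for this example;
# 4625 and 4624 are the failed/successful logon event IDs.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z WIN host=DC01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5",
    "May  1 10:00:02 web01 sshd[1234]: Failed password for alice from 10.0.0.5 port 51234 ssh2",
    "2024-05-01T10:00:03Z FW action=deny src=10.0.0.5 dst=10.0.0.9 dport=445",
    "2024-05-01T10:00:04Z WIN host=DC01 EventID=4624 TargetUserName=bob IpAddress=10.0.0.7",
    "May  1 10:00:05 web01 sshd[1235]: Failed password for invalid user root from 10.0.0.5 port 51240 ssh2",
]

WIN_RE = re.compile(r"WIN host=(\S+) EventID=(\d+) TargetUserName=(\S+) IpAddress=(\S+)")
SSH_RE = re.compile(
    r"^\w{3}\s+\d+ \S+ (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)"
)
FW_RE = re.compile(r"FW action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_line(line: str) -> Optional[Event]:
    """Map one raw line from any supported source onto the common Event schema."""
    m = WIN_RE.search(line)
    if m:
        host, event_id, user, ip = m.groups()
        outcome = {"4624": "success", "4625": "failure"}.get(event_id)
        if outcome is None:
            return None  # other Windows event IDs are out of scope here
        return Event("windows", host, user, "logon", outcome, ip)
    m = SSH_RE.match(line)
    if m:
        host, result, user, ip = m.groups()
        outcome = "success" if result == "Accepted" else "failure"
        return Event("linux", host, user, "logon", outcome, ip)
    m = FW_RE.search(line)
    if m:
        action, src, dst, _dport = m.groups()
        outcome = "failure" if action == "deny" else "success"
        return Event("firewall", dst, None, "connection", outcome, src)
    return None


def normalise(lines):
    """Centralise: parse every line and drop the ones no parser understands."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def failed_logons_by_ip(events, threshold: int = 3):
    """Correlation rule: source IPs with at least `threshold` failed logons
    across all sources combined. Returns {ip: [events]} for IPs over the threshold."""
    by_ip = defaultdict(list)
    for e in events:
        if e.action == "logon" and e.outcome == "failure" and e.src_ip:
            by_ip[e.src_ip].append(e)
    return {ip: evs for ip, evs in by_ip.items() if len(evs) >= threshold}


if __name__ == "__main__":
    events = normalise(SAMPLE_LOGS)
    for ip, evs in failed_logons_by_ip(events).items():
        sources = sorted({e.source for e in evs})
        print(f"ALERT {ip}: {len(evs)} failed logons across {sources}")
```

With the threshold at 3, neither source on its own trips the rule (one Windows failure, two Linux failures); only the centralised stream does, which is the point the guidance makes about combining log sources in one platform.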
The guidance documents can be found here.