Today, in collaboration with our international partners, we published a series about implementing and prioritising Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
Implementing SIEM and/or SOAR platforms can greatly benefit your organisation by collecting, centralising, and analysing important data that would otherwise be extremely complex and scattered. The platforms also help your organisation detect cyber security events and incidents and then prompt timely intervention through alerting and ensuring that incident responders have access to the data that records what happened.
This series of publications provide advice to executives and practitioners to help entities navigate decision making around the procurement and implementation of these platforms. There are 3 publications:
- Implementing SIEM and SOAR platforms: Executive guidance defines SIEM and SOAR platforms, explains their value and also their challenges and provides high level recommendations for implementing them. It is written for executives, but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.
- Implementing SIEM and SOAR platforms: Practitioner guidance provides high-level guidance for cyber security practitioners and describes how a SIEM/SOAR can enhance visibility, detection and response as well as principles for procurement, establishment and maintenance of those platforms.
- Priority logs for SIEM ingestion: Practitioner guidance provides practitioners with detailed logging guidance for specific categories of log sources, such as from Endpoint Detection and Response tools, Windows/Linux operating systems, network devices and Cloud deployments.
Read the publication series to learn more.