CISA's New SOAR Guidance Shows Where Automation Must Go Next
Security Boulevard, Friday, May 30th, 2025
The US federal government and its international partners have provided the cybersecurity industry with a significant new resource.
The new guidance from CISA and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), 'Implementing SIEM and SOAR platforms,' offers an actionable assessment of the security automation landscape and the challenges that modern security operations centers (SOCs) face.
The report offers a clear definition of a Security Orchestration, Automation, and Response (SOAR) platform. According to the guidance, a SOAR 'automates some of the response to detected cybersecurity events and incidents. by applying predefined 'playbooks'. These automated actions do not replace human incident responders but can complement them'.