Governments Call for Smarter SIEM and SOAR Adoption

A new advisory from cybersecurity agencies across the US, UK, Australia, and Canada is urging organizations to make Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms a higher priority, according to Infosecurity Magazine. The joint guidance aims to help both executives and security teams navigate the complexities of selecting, implementing, and maintaining these tools. At the core of the message is the need to centralize threat detection and streamline incident response in increasingly complex IT environments.

The advisory includes documents for executives and practitioners, covering everything from procurement considerations to best practices for log ingestion. SIEM tools are designed to collect and analyze log data from across an organization’s infrastructure, while SOAR platforms automate incident response workflows. Together, they offer a more complete view of security events and enable faster, more effective action when threats arise. However, the guidance acknowledges that implementation is neither simple nor cheap.

Deploying SIEM and SOAR requires more than just purchasing the technology. It involves developing threat models, tuning alerts to avoid fatigue, and ensuring that automated responses don’t interfere with legitimate network activity. These systems must be configured to reflect the specific risks and infrastructure of the organization. The advisory recommends that entities handling sensitive data or critical services consider building in-house capacity to manage these tools, though that approach comes with the added cost of skilled personnel and platform licensing.

For organizations that opt to outsource, the advisory stresses the importance of evaluating service providers carefully. This includes ensuring around-the-clock monitoring capabilities and understanding any jurisdictional issues related to data storage. It also warns of hidden costs—especially in SIEM platforms that charge based on data volume. Without proper oversight, organizations risk overspending due to uncontrolled log ingestion.