It’s encouraging to see the press and industry leaders amplify CISA’s voice—because that’s exactly what we need. When a trusted authority steps in with clear, prescriptive recommendations, it becomes even more valuable. Why? Because the real gap isn’t knowledge, it’s action.

Every year, I’m asked to predict the latest trends in enterprise cybersecurity. Customers, industry leaders, journalists, and podcasters all want insights into the newest technologies, buzzwords, and emerging threats. AI, of course, has dominated much of the discussion, but there are new information-sharing initiatives, consolidation among industry players, regulatory shifts, law enforcement breakthroughs, and evolving attack vectors. These changes shape enterprise security. But amidst all the noise, one glaring issue remains: fundamental security practices still aren’t being implemented.

That’s the gorilla in the room, and once again, CISA is shining a light on it.

When asked what enterprises should do to strengthen security in the new year, my answer is still the same: implement the cybersecurity fundamentals we’ve been preaching for the last decade. If these guidelines had been written ten years ago, they’d be nearly identical to today’s advice. Yes, cybersecurity evolves, and emerging technologies matter—but most organizations still lag behind in executing long-established best practices. The latest CISA guide underscores this reality.

Every cybersecurity framework mandates log ingestion and analysis. No security program functions without it. No data policy or compliance standard operates effectively without log data. And virtually every protection system has the capability to generate logs.

These aren’t enhancements—they’re table stakes.

CISA even offers a free SIEM tool for organizations without a budget (though staffing is still essential). While smaller companies benefit from that accessibility, the guide also highlights telemetry sources that are critical for large enterprises. Cloud, SaaS, and authentication appear only in the telemetry list—reinforcing that this isn’t a step-by-step technical manual, but a foundation for cybersecurity.

Enterprise networks are far more complicated than they were years ago, mainly because of the move to the cloud and SaaS. Even the remote workforce isn’t such a new thing. The cloud providers are finally providing tools and visibility that allow us to protect these surfaces, and MDR companies like CyberMaxx know how to alert and respond. And there’s so much more to implement, like IAM (Identity and Access Management), UEBA (User and Entity Behavior Analytics), CTEM (Continuous Threat Exposure Management), zero trust, SASE (Secure Access Service Edge), micro-segmentation, secure browsing, API protection, and AI workload protection, all while attacks keep increasing. Where does that leave us if all we’ve been able to accomplish is getting logs collected? Why aren’t our cybersecurity programs getting more mature?

The key takeaway? Competence is non-negotiable.

Whether security is outsourced or managed internally often depends more on company culture than on a calculated decision. CISA’s guide remains neutral in that regard—if anything, its emphasis is on people over systems. Security isn’t just about technology; it’s a process that requires policies and procedures to make tools effective.

I want to see more prescriptive guidance from authoritative organizations like CISA, especially frameworks that integrate directly into various compliance standards. That’s something I’ve blogged about before—because compliance is sometimes the only thing that drives real change. The security landscape is far too fragmented in terms of solutions and best practices. Any movement toward standardized approaches should be welcomed, even if it starts with the basics.

CISA has taken a step in the right direction. Let’s encourage them to go even further—whether by diving deeper into SIEM and SOAR or publishing the next critical guide.

What should that next guide be? Comment here, and I’ll share my thoughts.

Article Source Materials:

Content in this article is based on several sources that have written about the new Guidance for SIEM and SOAR Implementation that CISA published recently in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre. The full document set can be found at https://www.cisa.gov/resources-tools/resources/guidance-siem-and-soar-implementation. The document set is composed of three documents:

  • Implementing SIEM and SOAR Platforms – Executive Guidance
  • Implementing SIEM and SOAR Platforms – Practitioner Guidance
  • Priority Logs for SIEM Ingestion – Practitioner Guidance