
CISA’s New SOAR Guidance Shows Where Automation Must Go Next – Source: securityboulevard.com


Source: securityboulevard.com – Author: Shriram Sharma

The US federal government and its international partners have provided the cybersecurity industry with a significant new resource. The new guidance from CISA and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), “Implementing SIEM and SOAR platforms,” offers an actionable assessment of the security automation landscape and the challenges that modern security operations centers (SOCs) face.

The report offers a clear definition of a Security Orchestration, Automation, and Response (SOAR) platform. According to the guidance, a SOAR “automates some of the response to detected cybersecurity events and incidents… by applying predefined ‘playbooks’… These automated actions do not replace human incident responders but can complement them”.

This guidance validates what security professionals have experienced for years: SOAR platforms from vendors such as Splunk, Swimlane, and Palo Alto Networks (Cortex XSOAR) are not “set and forget” tools. They require intensive, ongoing configuration and maintenance to keep working, a fact that underlines the limitations of a playbook-driven approach.


The Limitations of SOAR Playbooks and the Rise of the ASOC

The core challenges detailed in the CISA report, from the hidden costs of SIEM/SOAR to the operational drag of false positives, are rooted in this reliance on static playbooks. To effectively meet security guidance like the Essential Eight or CISA’s Cybersecurity Performance Goals (CPGs), a new approach is needed. This is where a new category of SOC automation comes into play: the next step in the evolution from traditional SOAR to an Autonomous SOC (ASOC) solution like D3’s Morpheus.

  • Traditional SOAR streamlines tasks by running the playbooks your team builds. The responsibility for investigation, correlation, and keeping those playbooks up-to-date remains with your analysts.
  • Morpheus ASOC fully automates the Tier 1 and Tier 2 SOC workload. It autonomously creates dynamic, context-aware responses (playbooks) based on the unique attributes of every alert and incident. This eliminates the playbook burden and delivers more impact by fully investigating every alert.
  • For Tier 3 analysts responsible for incident response and/or delivering MDR (Managed Detection and Response), Morpheus acts as an AI copilot, providing in-depth, cross-stack investigation, MITRE ATT&CK timelines, link analysis, and automated workflows for remediation and proactive threat hunting.
How the challenges identified by CISA/ACSC map to the SOAR approach and to the Morpheus ASOC solution:

Challenge: Inaccurate alerting and false positives
  SOAR approach: Teams are often “operationally overwhelmed by false alerts,” or they miss real incidents because of ineffective alert rules.
  Morpheus ASOC: Filters noise before it reaches analysts. Morpheus is designed to autonomously enrich, correlate, and prioritize alerts at scale, effectively filtering false and benign positives out of the queue.

Challenge: Playbook maintenance burden
  SOAR approach: Requires personnel to “continually adjust” and test playbooks as the network and threat landscape change, an intensive and unending process.
  Morpheus ASOC: Self-generating, adaptive playbooks. Morpheus autonomously creates a unique investigation and response workflow for every alert, tailored to your security stack and the specific threat, eliminating the manual maintenance burden.

Challenge: Risk of inappropriate action
  SOAR approach: A key technical challenge is ensuring a SOAR “does not take action against regular network activity” or impede responders, which can “significantly disrupt service delivery.”
  Morpheus ASOC: AI-driven investigation with human-in-the-loop governance. Morpheus aligns with your policies and prompts your team for one-click approval before executing critical remediation steps, so the team retains control.

Challenge: Complex, costly implementation
  SOAR approach: A proper SOAR implementation involves significant upfront and sustained costs, from data ingestion fees to retaining staff with “in-demand, specialist skills.”
  Morpheus ASOC: Value in days, not quarters. Morpheus sits on top of your existing tools with 800+ integrations. It operates on alerts, not logs, which can help reduce the data costs associated with traditional SIEM/SOAR tools.

AI Speed with Human Control: Solving the “Appropriate Action” Dilemma

The CISA guidance correctly identifies one of the biggest risks of automation: ensuring that the SOAR only takes appropriate action in response to actual cybersecurity incidents. An automated process that misinterprets an event can cause significant business disruption.

[Figure: Morpheus investigation interface showing an “Impossible Travel Attempt” alert scored as 88% likely true positive]

This is where the ASOC model demonstrates its value. Morpheus is designed to provide the speed of AI with the assurance of human oversight:

  • AI-Guided Recommendations: For every confirmed threat, Morpheus generates clear incident summaries, actionable next steps, and a full-stack triage score to inform the response.
  • One-Click Approval Prompts: For critical actions like isolating a host or revoking credentials, Morpheus pauses and waits for an analyst to give the go-ahead.
  • Full Transparency: All AI-generated logic is presented in open YAML, and every decision can be reviewed, modified, and tested, ensuring your team retains complete control.
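The control described in the three points above (safe enrichment runs unattended, destructive steps pause for a one-click approval, and nothing at all is remediated when the alert looks like regular activity) is easy to state but worth seeing as logic. The following is an added illustration written for this page; it is not Morpheus code, not D3’s YAML format, and not any vendor’s implementation. The playbook dict, the alert, the 0.75 threshold and the action names are all constructed assumptions.

```python
"""Approval-gated playbook runner illustrating the 'appropriate action'
control: hypothetical example code, not Morpheus or any vendor's product."""
from dataclasses import dataclass, field

# Assumed tuning value: alerts scored below this are treated as regular
# activity, and no remediation step runs against them.
TRUE_POSITIVE_THRESHOLD = 0.75

# Actions that change the environment. They always pause for a human even
# if a playbook author forgets to mark them critical.
CRITICAL_ACTIONS = {"isolate_host", "revoke_credentials", "block_ip"}

# Constructed playbook, in the dict form a YAML document such as
#   steps:
#     - action: enrich_user
#     - action: revoke_credentials
#       critical: true
# would parse to (no YAML library needed for the example).
PLAYBOOK = {
    "name": "impossible-travel-response",
    "steps": [
        {"action": "enrich_user"},
        {"action": "revoke_credentials", "critical": True},
        {"action": "isolate_host", "critical": True},
    ],
}

# Constructed alert modelled on the triaged "Impossible Travel" case.
ALERT = {
    "id": "alert-0001",
    "rule": "impossible_travel",
    "true_positive_score": 0.88,
    "user": "jdoe",
    "host": "wks-042",
}


@dataclass
class RunResult:
    """Audit trail of what the runner did with each step."""
    executed: list = field(default_factory=list)
    pending_approval: list = field(default_factory=list)
    skipped: list = field(default_factory=list)


def is_critical(step):
    """A step is critical if the playbook flags it or if its action is on the
    hard-coded list; the list wins so a playbook typo cannot downgrade it."""
    return bool(step.get("critical")) or step["action"] in CRITICAL_ACTIONS


def run_playbook(playbook, alert, approvals=frozenset(),
                 threshold=TRUE_POSITIVE_THRESHOLD):
    """Run safe steps, hold critical ones until an analyst approves them, and
    take no remediation when the alert looks benign.  `approvals` holds the
    action names an analyst has signed off on for this particular alert."""
    result = RunResult()
    likely_true_positive = alert["true_positive_score"] >= threshold
    for step in playbook["steps"]:
        action = step["action"]
        if not is_critical(step):
            result.executed.append(action)          # read-only enrichment
            continue
        if not likely_true_positive:
            result.skipped.append(action)           # don't act on regular activity
            continue
        if action in approvals:
            result.executed.append(action)          # human gave the go-ahead
        else:
            result.pending_approval.append(action)  # one-click prompt fires here
    return result


if __name__ == "__main__":
    first = run_playbook(PLAYBOOK, ALERT)
    print("unattended run:", first)
    second = run_playbook(PLAYBOOK, ALERT, approvals=frozenset({"isolate_host"}))
    print("after approval:", second)
```

Two design points carry over to any real deployment: the critical-action list lives in code that the playbook cannot override, so a mis-edited YAML file cannot turn host isolation into an unattended step; and the true-positive gate sits in front of every remediation, which is the cheapest way to honour the guidance’s warning about acting against regular network activity.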

CISA’s recommendations for SOAR implementation offer a clear direction for the future of security automation. Continuing to invest time and resources in maintaining brittle playbooks is no longer the most effective strategy. The logical next step is to embrace a more intelligent, autonomous approach. Ready to explore the next evolution of security automation? Book a demo to see Morpheus in action. 🚀

The post CISA’s New SOAR Guidance Shows Where Automation Must Go Next appeared first on D3 Security.

*** This is a Security Bloggers Network syndicated blog from D3 Security authored by Shriram Sharma. Read the original post at: https://d3security.com/blog/cisa-soar-guidance-soc-automation/

Original Post URL: https://securityboulevard.com/2025/05/cisas-new-soar-guidance-shows-where-automation-must-go-next/?utm_source=rss&utm_medium=rss&utm_campaign=cisas-new-soar-guidance-shows-where-automation-must-go-next

Category & Tags: Incident Response, Security Bloggers Network, AI-SOC, Autonomous SOC, Cybersecurity, Morpheus AI, Security Automation
