SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Security agencies urge stronger AI data protocols & SIEM shift

Yesterday

International security agencies have published new joint guidelines aimed at strengthening artificial intelligence (AI) data security, while also releasing detailed recommendations for managing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. The publications come from agencies including the United States National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate (ASD).

The AI data security information sheet seeks to address growing concerns about the use, integrity, and protection of data throughout the AI system lifecycle. The guidance identifies risks that may emerge from compromised data sources, data poisoning, and evolving attacker capabilities, highlighting the importance of robust integrity checks and the implementation of secure AI development and operational practices.

Kevin Kirkwood, Chief Information Security Officer at Exabeam, has welcomed the release of the AI guidance but raised questions regarding the transparency and standards of data sources used in its development.

"The article guidance by CISA ends with a note outlining that AI was 'carefully and responsibly used in the development' of the best practices document. It leads me to question whether the data set that was used to outline the guidance was developed with the same integrity checks, freedom from poisoning and other threats.

"The guidance also suggests that AI should be training AI. This might be a path that increases the time for the AI model to become viable and available in the market, but also indicates another level of risk that should be considered. This element of the industry is moving incredibly fast and that also introduces opportunities that can be used to hurt businesses and end users.

"We are strong advocates for and developers of AI and we will be using this guidance as a way to supplement our knowledge and practice for building, testing and training our AI agents."

The NSA, CISA, and ASD's Australian Cyber Security Centre, among other agencies, have also jointly issued three publications targeting cybersecurity executives and network defenders. These documents outline what should be considered when implementing and managing SIEM and SOAR platforms—technologies pivotal for identifying, containing, and responding to security events in complex enterprise environments.

Steve Wilson, Chief AI and Product Officer at Exabeam, acknowledged the initiative but contended that the guidance did not fully address the realities that security operations centres (SOCs) face today.

"We appreciate the NSA and its partners stepping up to help guide the effective use of SIEM platforms. It's a critical mission, and much of what's in this guidance is solid, particularly for organisations still building foundational capabilities.

"But let's be honest: the documents stop short of addressing the scale and complexity of today's real-world SOCs. There's barely a nod to the practicalities of handling the terabytes—sometimes petabytes—of data modern security teams are swimming in daily. The proposed approach to analyzing it seems to mostly be simple correlation rules and human intuition. That might have worked a few years ago. It doesn't cut it now.

"Machine learning isn't optional anymore and the papers barely touch on it. It's foundational. You need automated baselining. You need anomaly detection that works at scale. And leading SOCs already know this—they're moving beyond it. They're now layering on investigative AI agents to eliminate analyst busywork and radically accelerate triage and response.

"This is the future of security operations. And frankly, we don't have the luxury of enough experienced analysts to keep doing things the old way. If organizations are going to be survivors in the AI-driven cybersecurity war they need to be thinking about how to leverage AI themselves on top of their SIEM."

Both sets of guidelines signal a wider recognition among Western national security agencies that evolving threats require not just new layers of technology but also an ongoing reassessment of how advanced tools like AI are adopted, monitored, and improved. The collaborative approach in these publications underlines the urgency of international cooperation to defend against rapidly advancing cyber threats to business and government networks.
