security-operation-center
Beyond “Is Your SOC AI Ready?” Plan the Journey!
You read the “AI-ready SOC pillars” blog, but you still see a lot of this: [image: Bungled AI SOC transition] How do we do better? Let’s go through all 5 pillars aka readiness dimensions and see what we ...
SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025
I will be really, really honest with you — I have been totally “writer-blocked” (more “analyst blocked”, really) and I decided to release it anyway today … ...
Output-driven SIEM — 13 years later
Output-driven SIEM! Apart from EDR and SOC visibility triad, this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew ...
The Return of the Baby ASO: Why SOCs Still Suck?
“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our ...
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)
[image: A fair-weather SOC by Meta AI] Do you have a fair-weather friend? Or two? [image: Fair weather friend (via Google)] OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how ...
A Brief Guide for Dealing with ‘Humanless SOC’ Idiots
[image by Meta.AI lampooning humanless SOC] My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous ...
New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)
After a long, long, long writing effort … eh … break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.” As a reminder (and ...
Anton’s Alert Fatigue: The Study
Mention “alert fatigue” to a SOC analyst. They would immediately recognize what you are talking about. Now, take your time machine to 2002. Find a SOC analyst (much fewer of those around, ...
Closing the Gaps: How Attack Path Management Improves Vulnerability Management Programs
In conversation: Pete McKernan & Luke Luckett. As organizations seek to wrap their arms around potential cybersecurity exposures, CIOs and CISOs are increasingly pushing their vulnerability management teams to widen scope. With such a ...
Not a SOC FAQ! This is SOC FMD!
Somebody asked me this profound question that (a) I feel needs an answer and that (b) I’ve never answered in the past: If you run a SOC (or an equivalent D&R team), what things ...