Sign up to save your podcasts
Or
Share Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.
I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.
Segment Resources:
- Introducing AQL for cyber.
- AQL - How we do it
- An AQL 'calculator' you can play around with
We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
For each of these three topics, these are the blog posts they correspond with if you want to learn more:
- Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- If You're Not Using Data Pipeline Management For Security And IT, You Need To
- Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394
View all episodes
By Security Weekly Productions
4.9
1414 ratings
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.
I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.
Segment Resources:
- Introducing AQL for cyber.
- AQL - How we do it
- An AQL 'calculator' you can play around with
We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
For each of these three topics, these are the blog posts they correspond with if you want to learn more:
- Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- If You're Not Using Data Pipeline Management For Security And IT, You Need To
- Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394
More shows like Enterprise Security Weekly (Audio)
View all
Security Now (Audio)
2,010 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
373 Listeners
LINUX Unplugged
268 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
654 Listeners
CyberWire Daily
1,023 Listeners
Business Security Weekly (Audio)
3 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,044 Listeners
Cybersecurity Today
181 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
138 Listeners
Risky Bulletin
44 Listeners