Sign up to save your podcasts
Or
Share Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.
I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.
Segment Resources:
- Introducing AQL for cyber.
- AQL - How we do it
- An AQL 'calculator' you can play around with
We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
For each of these three topics, these are the blog posts they correspond with if you want to learn more:
- Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- If You're Not Using Data Pipeline Management For Security And IT, You Need To
- Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394
View all episodes
By Security Weekly Productions
4.9
1414 ratings
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.
I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.
Segment Resources:
- Introducing AQL for cyber.
- AQL - How we do it
- An AQL 'calculator' you can play around with
We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
For each of these three topics, these are the blog posts they correspond with if you want to learn more:
- Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- If You're Not Using Data Pipeline Management For Security And IT, You Need To
- Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-394
More shows like Enterprise Security Weekly (Audio)
View all
NPR News Now
14,602 Listeners
Last Podcast On The Left
51,341 Listeners
This Week in Tech (Audio)
3,060 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,028 Listeners
Security Weekly News (Audio)
33 Listeners
Darknet Diaries
8,113 Listeners
Unsubscribe Podcast
2,181 Listeners
Risky Bulletin
45 Listeners