EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
Author: Anton Chuvakin
Uploaded: 2026-02-16
Views: 100
Description:
Guest:
• Daniel Lyman ( / danny-l-7517a14 ), VP of Threat Detection and Response, Fiserv
Topics:
• What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
• How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
• What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
• Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
• How do you expect AI to change the calculus around data centralization versus data federation?
• What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
• What are the Detection and Response organizational metrics that you think are most valuable?
• Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?
Resources:
• Video version ( • EP263 SOC Refurbishing: Why New Tools Won’... )
• "In My Time of Dying" (https://www.amazon.com/My-Time-Dying-...) book
• EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen (https://cloud.withgoogle.com/cloudsec...)
• EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective (https://cloud.withgoogle.com/cloudsec...)
• The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? ( / the-gravity-of-process-why-new-tech-never-... ) blog