Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.

I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:

• Introducing AQL for cyber.
• AQL - How we do it
• An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.

• First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
• Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
• Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:

1. Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
2. If You’re Not Using Data Pipeline Management For Security And IT, You Need To
3. Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got

1. 5 acquisitions
2. Tines gets funding
3. new tools and DFIR reports to check out
4. A legal precedent that could hurt AI companies
5. AI garbage is in your code repos
6. the dark side of security leadership
7. HIPAA fines are broken
8. Salt Typhoon is having a great time
9. Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-394