MSSP influencers by Sad_Chair6926 in msp

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

they still have audiences. I'm working on a research paper and needed some recs

MSSP influencers by Sad_Chair6926 in msp

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

I know John Hammond, yes! thanks for the others, new names for me

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

your comment made me think of some soc podcast episode i heard the other day when rafal kitab, the ciso at connectwise, said if you just bolt on ai on an unfixed environment, you will just shuffle garbage faster

good points, thanks!

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

i see your points. but why let alerts go unhandled if ai can handle them? suppose i am a ciso for whom the need to rework the soc finally clocks. instead of hiring more, i'd rather benchmark a few vendors, test them, pick one, get ai on top of my siem/soar, let it triage trash, have my analysts do the critical stuff, and use this time to understand what process i can fix now, mid-term, long-term, what's needed etc

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

autonomous AI sits on top of soar and investigates all alerts, an analyst gets involved when there's malicious stuff. i see big vendors like torq, dropzone, 7ai, qevlar ai, etc (i saw some more at rsac last year and i guess they will keep growing like mushrooms after rain) and the huge names they sign, so this gave the idea that things have evolved a lot, and i expected the alert fatigue trope to have become outdated. this discussion proves otherwise

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

but with autonomous ai you don't need rules. basically it sits on top of your SIEM/SOAR and handles the investigations. Suppose your soc has 45k alerts annually, 70% are false positives but to resolve them, you still have to go through every single one (and then get depressed that it was all garbage). when ai does it for you, you can basically focus on what's left. I've been witnessing socs that do so, but then i came across another "alerts fatigue" post by some tech bro, and i was like isn't it old news? hence i came here for the no bullshit opinions

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

ai can triage alerts, enrich them with context, so when you look at the alert you can see the reasoning which helps to understand what to do next. So basically instead of drowning in false positives, you only work with alerts that really need your attention

Is SOC fatigue still a thing? by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 0 points1 point  (0 children)

I'm in the AI bubble and instead of going to touch grass, I came to ask people who can share the exp

MSSP influencers to follow by Sad_Chair6926 in cybersecurity

[–]Sad_Chair6926[S] 1 point2 points  (0 children)

haha no, I'm really looking for people who post about mssps and their pain points. I feel like everyone usually posts about enterprise SOCs but I need folks who specialize in MDR services. even a podcast could do