What is a SOC in 2025?

LotR Episode 6

Summary

In this conversation, James Berthoty, Kyle Polley from Perplexity, and Ariful Huq from Exaforce explore the complexities of security operations, focusing on the role of Security Operations Centers (SOCs), the integration of AI, and the evolving landscape of cloud security. They discuss the motivations behind purchasing SOCs, the importance of compliance, and the challenges faced by security teams in managing alerts and incidents. The conversation highlights the potential of AI to enhance SOC functions, reduce alert fatigue, and improve detection engineering, while also addressing the need for context in security operations. The discussion concludes with insights on the future of security data and the operationalization of detection engineering.

Takeaways

  1. The initial push for SOCs often stems from compliance needs.

  2. Understanding the budget is crucial when considering SOC options.

  3. AI can significantly enhance the efficiency of SOC operations.

  4. The integration of CNAPP and SOC is becoming increasingly important.

  5. Contextual information is vital for effective incident response.

  6. MDR solutions can be beneficial but may lack the necessary context.

  7. Detection engineering requires a blend of security and software engineering skills.

  8. Alert fatigue is a significant challenge for SOC teams.

  9. The future of security data will encompass more than just logs.

  10. AI has the potential to democratize security operations and improve analyst capabilities.

Chapters

00:00 Introduction to Security Operations

01:31 Understanding the Need for SOCs

05:42 The Role of CNAPP in Security

08:34 Balancing SOC and CNAPP Solutions

10:08 Traditional SOC Roles and Responsibilities

11:45 The Evolving Nature of SOC Teams

13:49 Contextualizing Alerts in Security

15:32 Integrating AI into SOC Operations

20:52 Enhancing Analyst Efficiency with AI

25:39 Learning from Past Investigations

27:06 The Importance of Threat Hunting in SOCs

29:43 Leveraging AI for Threat Intelligence and Detection

31:02 Modernizing SOC Skills and Detection Engineering

35:00 Reimagining Detection Engineering with AI

38:43 The Role of Data Normalization in AI Models

40:48 The Future of AI in Security Operations

43:12 The Evolution of SIEM and Security Data Lakes
