EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty

About this listen

Guest:

  • Raffael Marty, Operating Advisor, a SIEM legend since 1992

Topics:

  • You argue that declaring existing SIEMs obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point, and what is the actual gap in traditional SIEMs, as opposed to the more sensational claims?
  • You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one?
  • You call the rise of independent security data pipelines the "SIEM Trojan Horse." How quickly is this abstraction layer turning SIEM into a "swappable" component, and what should SIEM vendors have done differently years ago to prevent this market from existing?
  • This "AI SOC" thing: is it even real? Is "AI in a SOC" a better label? Do you think major SIEM vendors will own this space very soon, as they did with UEBA and SOAR?
  • If volume-based pricing is flawed because it penalizes good security hygiene, what is a better SIEM pricing model that fairly addresses compute, enrichment, and retention costs without just shifting the volume cost to unpredictable query charges?
  • You question the idea that startups can find a better way to release detection rules than large vendors with significant content teams. What metrics should security leaders use to evaluate the quality of a vendor's detection engineering (DE) output beyond just coverage numbers? Can AI fix DE?

Resources:

  • Video version
  • The SIEM Maturity Framework: A Practical Scoring Tool for Security Analytics Platforms
  • The Gaps That Created the New Wave of SIEM and AI SOC Vendors
  • How AI Impacts the Cyber Market and The Future of SIEM
  • Why Venture Capital Is Betting Against Traditional SIEMs
  • EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
  • EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
  • EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
  • Decoupled SIEM: Brilliant or Stupid?
  • Decoupled SIEM: Where I Think We Are Now?