%term

The latest News and Information on Security Incident and Event Management.

AI SOC vs. white box AI: Why black boxes fail in the real world

May 7, 2026 By David Girvin In Sumo Logic

There’s a growing wave of “AI SOC” startups promising autonomous everything. They’ll triage your alerts, investigate threats, and even run your playbooks. Push a button, let the machine handle the mess, and enjoy the magic. It sounds great until the moment something breaks. Then everyone, not just security, asks the same question: “What exactly did it do?” And that’s when these systems turn into a liability.

Read Post

Sumo Logic

Read more about AI SOC vs. white box AI: Why black boxes fail in the real world

Turn security signals into structured investigations with Case Management in Datadog Cloud SIEM

May 5, 2026 By Eitan Moriano In Datadog

Security operations teams manage a high volume of signals, often across multiple tools. Analysts may triage detections in one system, document progress in another, and coordinate remediation elsewhere. As context becomes fragmented, response times slow and the risk of missed threats increases.

Read Post

Datadog

Read more about Turn security signals into structured investigations with Case Management in Datadog Cloud SIEM

Logs & Lattes: Episode 6 - How Small SOC Teams Stop Drowning in Alerts

May 5, 2026 By Graylog In Graylog

Lean security teams don't need a smaller version of an enterprise SOC. They need a different approach entirely. Graylog Director of Product Management, Rich Murphy, joins Logs and Lattes to explain why 2-to-4-person security teams are the most underserved segment in cybersecurity and what needs to change.

View Video

Graylog

Read more about Logs & Lattes: Episode 6 - How Small SOC Teams Stop Drowning in Alerts

Is your SIEM actually ready? A new way to find out

May 4, 2026 By Smriti In Elastic

You've done the work. Logs are flowing. Rules are enabled. Agents are deployed. Dashboards exist. But if your CISO, an auditor, or a red team report asked if your SIEM is ready to detect and respond to the threats that matter, could you answer confidently? Most teams can't.

Read Post

Elastic

Read more about Is your SIEM actually ready? A new way to find out

Why Most Incident Response Retainers Fail When It Matters Most

Apr 30, 2026 By LevelBlue In LevelBlue

Many companies have an incident response retainer...but it doesn't actually make them risk ready. That's because too many retainers are built on outdated, hour-based "use it or lose it" models that don't actually reduce risk, improve resilience, or focus on outcomes. A modern retainer should drive preparedness, align with today's insurance realities, and actively lower exposure before an incident happens.

View Video

LevelBlue

Read more about Why Most Incident Response Retainers Fail When It Matters Most

How to secure cloud workloads without building a full-scale SOC

Apr 30, 2026 By Adam White In Sumo Logic

You don’t need a 20-person SOC to protect your cloud-native environment. What you need is the right strategy: map your risk, embed security early, automate detection, and let smart tooling do the heavy lifting. Here’s how security and DevOps leaders with limited resources can achieve enterprise-level protection without enterprise-level headcount.

Read Post

Sumo Logic

Read more about How to secure cloud workloads without building a full-scale SOC

Elastic Security: an agentic security operations platform

Apr 29, 2026 By Elastic In Elastic

In this video, we introduce Elastic Security and how it helps modern teams manage security operations more efficiently. It brings together detection, investigation, and response into one unified platform using AI, automation, and integrated security tools. Additional Resources.

View Video

Elastic

Read more about Elastic Security: an agentic security operations platform

The Metric AI Security is Missing

Apr 29, 2026 By Exabeam In Exabeam

As autonomous and semi-autonomous AI systems take on more responsibility within the enterprise, they shift from being “features” of software to becoming true internal actors. They make decisions, take actions, call tools, orchestrate workflows, and influence other AI agents. With this evolution, we must confront an uncomfortable truth: the metrics and response patterns we built for deterministic software no longer work.

Read Post

Exabeam

Read more about The Metric AI Security is Missing

Whole-of-state cyber defense: How AI-driven security helps US states protect what matters most

Apr 29, 2026 By Bobby Suber In Elastic

Short answer: Because attackers exploit fragmentation faster than governments can respond This shift toward collective cyber defense is a cornerstone of the new federal vision. The March 2026 National Cyber Strategy for America explicitly calls for a "new level of relationship between the public and private sectors" and demands "unprecedented coordination across government" to protect the American people.

Read Post