EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty

Guest:

  • Raffael Marty, Operating Advisor, a SIEM legend since 1999

Topics:

  • You argue that declaring existing SIEM obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point and the actual gap in traditional SIEMs as opposed to the more sensational claims?
  • You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one?
  • You call the rise of independent security data pipelines the "SIEM Trojan Horse." How quickly is this abstraction layer turning SIEM into a "swappable" component, and what should SIEM vendors have done differently years ago to prevent this market from existing?
  • This "AI SOC" thing, is this even real? Is AI in a SOC a better label? Do you think major SIEM vendors will own this very soon, like they did with UEBA and SOAR?
  • If volume-based pricing is flawed because it penalizes good security hygiene, what is a better SIEM pricing model that fairly addresses compute, enrichment, and retention costs without just shifting the volume cost to unpredictable query charges?
  • You question the idea that startups can find a better way to release detection rules than large vendors with significant content teams. What metrics should security leaders use to evaluate the quality of a vendor's detection engineering (DE) output beyond just coverage numbers? Can AI fix DE?

Resources:

  • Video version
  • The SIEM Maturity Framework: A Practical Scoring Tool for Security Analytics Platforms and raffy.ch/SIEM/
  • The Gaps That Created the New Wave of SIEM and AI SOC Vendors
  • How AI Impacts the Cyber Market and The Future of SIEM
  • Why Venture Capital Is Betting Against Traditional SIEMs
  • EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
  • EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
  • EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
  • Decoupled SIEM: Brilliant or Stupid?
  • Decoupled SIEM: Where I Think We Are Now?