Trendveris
Live Coverage
Sign in Sign up
Trending: Champions League Transfer News Premier League World Cup
Trendveris
AI & ML

What an ex-NSA red teamer wants every SOC to stop doing

Security teams have spent years trying to see more. More endpoints, more cloud services, more identities, more telemetry. For the The post What an ex-NSA red teamer wants every SOC to stop doing appea...

Jul 13, 2026 | 3 min read
Sign in to save
"How to Tame Alert Fatigue With Time Series Databases" featured image. Illustration of a person trying to tame a lion

Security teams have spent years trying to see more. More endpoints, more cloud services, more identities, more telemetry. For the most part, those security teams have succeeded, but it’s created a new problem, and The New Stack will discuss it at this virtual event on July 23.

The modern security operations center (SOC) team isn’t short on data. It’s buried under it. Cloud platforms, SaaS applications, endpoints, identity systems, and security products all generate a steady flow of events, leaving analysts to determine which ones indicate a genuine compromise and which are simply background noise.

It’s little wonder that alert fatigue remains one of the defining challenges in security operations. The issue isn’t simply volume. It’s context.

It’s little wonder that alert fatigue remains one of the defining challenges in security operations. The issue isn’t simply volume. It’s context.

An individual alert rarely tells the whole story. A suspicious login, an unusual process, or an unexpected network connection may each look harmless on its own. Put them together around a single user, workload, or device, however, and a very different picture begins to emerge.

Security teams are also rethinking what an alert should represent. Rather than firing on individual events, many are building detections around users, devices, service accounts, and workloads. That gives analysts a running picture of what’s happening, instead of forcing them to assemble it themselves from dozens of disconnected alerts.

Of course, collecting more context creates another challenge: someone still has to make sense of it.

AI’s role in the SOC

This is where AI is beginning to find a practical role inside the SOC. Not as a replacement for experienced analysts, but as another member of the team that never gets tired of reading logs. AI can help tune detection rules, summarize investigation findings, build playbooks, correlate evidence across multiple data sources, and surface the signals that deserve human attention first.

None of that works particularly well without the right data strategy.

Not every log needs to be treated equally. Some data needs to be immediately searchable. Some should be enriched before analysts ever see it. Other telemetry can be archived for compliance while remaining available for an investigation if required. Deciding what lives where, and for how long, has become just as important as deciding what to collect in the first place.

At 9:30 a.m. Pacific / 12:30 p.m. Eastern on Thursday, July 23, Chas Clawson, VP of Security Strategy at Sumo Logic, joins The New Stack to discuss how security teams can rethink detection, AI, and data management as part of a single operational strategy.

Clawson brings a rare vantage point to this conversation: He’s spent more than 20 years working both sides of the public-private line, consulting for Fortune 500 companies and federal agencies alike, including architecting the Department of Commerce’s ESOC SIEM solution and conducting offensive security exercises as part of the NSA Red Team, before moving into his current role at Sumo Logic.

His mix of red-team instinct and enterprise-SOC-building experience shapes how he talks about AI in security operations as a tool he’s already watched teams operationalize for triage, investigation, and efficiency at scale.

Register for free to join the conversation

REGISTER NOW FOR THIS WEBINAR

Our conversation will explore practical approaches to reducing alert fatigue, building richer context around users and assets, and making AI a useful part of everyday investigations rather than just another dashboard feature.

Because logging everything is relatively easy. Join us on July 23 to figure out what deserves your attention and what separates an effective SOC from an overwhelmed one.

The post What an ex-NSA red teamer wants every SOC to stop doing appeared first on The New Stack.

Source: Carly Page · thenewstack.io
Sign in to join the discussion.