Cloud Security Podcast by Google

EP271 Can AI-Native MDR Actually Fix Your Broken SOC Workflows or Just Automate the Mess?

Apr 9, 2026
Bashar Abouseido, President of Tenex.AI and former CISO focused on metrics and AI-enabled ops, and Eric Foster, CEO of Tenex.AI and veteran practitioner pushing AI-native MDR, debate whether AI-native MDR can modernize SOCs stuck on legacy SIEM. They discuss data quality, agentic remediation, new metrics beyond MTTD, trust for autonomous containment, and hybrid platform-plus-edge AI strategies.
INSIGHT

Bolting AI Onto Legacy SIEM Is A Mistake

  • Bolting AI onto legacy SIEMs often fails because those systems weren't designed for AI-driven workflows.
  • Eric Foster compares it to giving a monolith an IP address and putting it on the internet, creating architectural mismatches and poor outcomes.
ADVICE

Measure Outcomes Not Just MTTD

  • Focus metrics on outcomes like false positives, false negatives, and a small number of high-quality alerts per analyst.
  • Bashar Abouseido suggests aiming for about five true alerts per analyst per day to enable quality response and situational understanding.
INSIGHT

Agentic MDR Can Triage All Alerts Rapidly

  • Agentic systems can triage 100% of alerts at machine speed, reducing mean time to dwell dramatically.
  • Eric Foster cites a case study (Sunrun) claiming 100% alert coverage and average triage to true MTTR in 48 seconds.