The D3 Blog
Learn about the latest from D3 and the world of cybersecurity, with news, analysis, and more.
-
Four Years on ServiceNow SOAR Taught One Global 1000 SOC Exactly What to Look For
A Global 1000 SOC spent four years on ServiceNow SOAR. That experience became a checklist for modern alert triage. See what they learned to look…
-
Palo Alto Says XSOAR’s Successor Is a Rebuild. That Makes the Destination Your Call.
Cortex AgentiX is XSOAR’s named successor, and reaching it means a migration. See how to migrate off XSOAR without re-platforming your SIEM.
-
The Most Dangerous Answer in the SOC Is a Confident One
Accuracy on a good day is the wrong measure of an AI SOC. What matters is what it does when it doesn’t know, and why…
Filter by category:
Search blog:
-
Autonomous SOCFour Years on ServiceNow SOAR Taught One Global 1000 SOC Exactly What to Look For
A Global 1000 SOC spent four years on ServiceNow SOAR. That experience became a checklist for modern alert triage. See what they learned to look…
-
Autonomous SOCPalo Alto Says XSOAR’s Successor Is a Rebuild. That Makes the Destination Your Call.
Cortex AgentiX is XSOAR’s named successor, and reaching it means a migration. See how to migrate off XSOAR without re-platforming your SIEM.
-
Autonomous SOCThe Most Dangerous Answer in the SOC Is a Confident One
Accuracy on a good day is the wrong measure of an AI SOC. What matters is what it does when it doesn’t know, and why…
-
Autonomous SOCDesigning an AI SOC That Fails Toward a Human
Fail-open is a design principle: when an AI SOC can’t reach a reliable conclusion, it defaults to human review. Here’s the architecture.
-
Compliance, IndustryNIS2, Sovereignty, and Automation: Inside Germany’s SOC Market with Johannes Kresse
Johannes Kresse on NIS2 compliance, AI adoption, and data sovereignty reshaping German SOCs, plus the SOC map bringing transparency to Germany’s MSSP market.
-
Autonomous SOCDoes “AI SOC” Solve Alert Fatigue?
40% of alerts never get investigated. See how an accountable agentic AI SOC delivers full coverage with Attack Path Discovery and Adaptive Tasking.
-
Autonomous SOCThe Playbook Estate Problem: When Your SOAR Needs a Full-Time Owner
Year one with a playbook SOAR is exciting. Year three, an engineer owns it full-time. The agentic SOC question nobody budgets for at renewal.
-
Autonomous SOCEvaluating SOC Automation Vendor Risk in 2026
SOC automation vendor risk is the chance your platform is acquired, repriced, or re-platformed before you recoup your investment. Here’s a five-factor framework.
-
Autonomous SOCThe SOAR Maintenance Tax: Why Playbook Inventories Don’t Scale in 2026
Why SOAR deployments built on large Python playbook inventories hit a maintenance wall, what it costs in dedicated headcount, and how investigation-first architectures (Attack Path…