How to Use Tines’s SOC Automation Capability Matrix
Description

Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.

A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared and recommended by members of the security community since its launch in January 2023, notably by Airbnb engineer Allyn Stott in his BSides and Black Hat talk, How I Learned to Stop Worrying and Build a Modern Detection & Response Program.

The SOC ACM has been compared to the MITRE ATT&CK and RE&CT frameworks, with one user saying, "it could be a standard for classification of SOAR automations, a bit like the RE&CT framework, but with more automation focus." It's been used by organizations in Fintech, Cloud Security, and beyond, as a basis for assessing and optimizing their security automation programs.

Here, we'll take a closer look at how the SOC ACM works, and share how you can use it in your organization.

What is the SOC Automation Capability Matrix?

The SOC Automation Capability Matrix is an interactive set of techniques that empower security operations teams to respond proactively to common cybersecurity incidents. It's not a list of specific use cases related to any one product or service, but a way to think about the capabilities an organization might follow. It offers a solid foundation for…
