Logs & Lattes Episode 4: How 2025 Reshaped SOCs and What Matters in 2026
Security teams spent 2025 operating at maximum load. Alert volume kept rising, analysts pivoted across too many tools, AI arrived faster than governance could support, and cloud costs shaped what data teams felt safe keeping. In this episode of Logs and Lattes, host Palmer Wallace and Jeff Darrington break down what actually happened inside real SOCs and how those lessons are already guiding 2026.
Jeff explains why analysts were overwhelmed by scattered context, dashboard overload, inconsistent response steps, and surprise cloud bills that affected visibility. He also shares insights on the trends accelerating in 2026, including supervised AI for first-pass triage, smart data strategies, API behavior monitoring, handling shadow AI risks, and early steps toward post-quantum readiness.
You will hear practical guidance on improving investigation flow, strengthening analyst experience, setting AI oversight rules, and managing data costs without weakening coverage. Jeff also highlights how Graylog SIEM Without Compromise supports teams with clearer context, predictable storage strategies, and workflows that help analysts act with confidence.
Subscribe for more analyst-focused conversations on modern SOC operations powered by Graylog.
#siem #securityoperationscenter #security #logmanagement
00:00 - 00:46 Introduction
00:47 - 03:41 What Happened in 2025
03:42 - 06:04 Dashboards and AI Usage
06:05 - 12:05 Alerts and Response to Attacks
12:06 - 14:51 Budget and Security Considerations
14:52 - 17:29 Analyst Experience and AX
17:30 - 19:58 2026 and Beyond
19:59 - 23:06 API Threats and Monitoring
23:07 - 26:38 Human or AI Usage
26:39 - 29:08 Autonomous Threats
29:09 - 31:59 Quantum Computing
32:00 - 34:25 2026 Predictions and Beyond
34:26 - 35:02 Closing