Custom detection rules mean nothing if you're not validating them continuously.

Our Atomic Red Team module is built into the platform and documented publicly, no hidden features, no black box.

For John Strand, Owner of @blackhillsinfosec, that level of transparency was the deciding factor.

The BHIS SOC treats validation as an ongoing practice, not a one-time check.

They run a lot of custom rules and need to know those rules are firing properly on a continuous basis, not just at the next pen test or the next incident. Having Atomic Red Team built directly into the platform makes that possible.

Since making the switch, BHIS can now handle roughly twice the customer load with the same staff.

Watch the full interview: https://www.youtube.com/watch?v=stHEBb-iiys&t=3s

#cybersecurity #infosec #mssp

Most AI SOC products hide the logic.

Workflows are fixed, customization requires a support ticket, and when an agent makes a decision you disagree with, there's no rule to read and no way to change it.

LimaCharlie's agentic SOC-as-code works differently.

Every rule and agent decision is fully inspectable. If an agent makes a call you disagree with, you can read the rule that triggered it, understand why, and change it.

Three prebuilt configurations are available in LimaCharlie's public GitHub repo, each designed for a different stage of operational maturity:

The Baselining SOC is built for noisy, newly onboarded environments that need FP suppression before real-time triage makes sense.

The Lean SOC runs four agents through a full L1-to-L2 workflow with minimal overhead.

The Tiered SOC mirrors a mature, full-featured SOC with specialist agents for malware analysis, threat hunting, and hourly SLA monitoring.

All three can be running in an afternoon.

Read the full breakdown, including per-alert cost models for each configuration: https://limacharlie.io/blog/using-agentic-soc-as-code-to-right-size-your-ai-operations

#cybersecurity #secops #mssp #ai

Running a multi-tool SOC as an MSSP means constantly solving for integration.

Every best-of-breed product your team trusts has to communicate, correlate, and feed into a single view of the customer environment.

For Black Hills Information Security, that centralized layer is LimaCharlie.

LimaCharlie pulls telemetry from across their stack and, for BHIS, the integration experience has been a dream.

Since making the switch, BHIS cut their cost per endpoint by more than half and can now handle roughly twice the customer load with the same staff.

Watch the full interview: https://www.youtube.com/watch?v=stHEBb-iiys&t=3s

#cybersecurity #infosec #soc #mssp

Jensen Huang poured $10 billion into CUDA over a decade when no market existed for it. Investors called it a waste. He called it inevitable.

The same pattern is visible in SecOps today.

OpenClaw's rapid adoption despite known security vulnerabilities shows demand for operational AI has already outpaced the platforms built to govern it.

That gap between demand and safe infrastructure is exactly where market disruptions live.

Most AI in the SOC occupies the advisory lane: parsing logs, surfacing alerts, handing next steps back to an analyst.

LimaCharlie's Agentic SecOps Workspace was built on a different premise: AI should be a governed operator, not a consultant.

Because the platform is API-first, agents access every platform function with the same permissions model applied to human analysts, full audit trails, and fine-grained access controls that define exactly what each agent can read, write, and execute.

Organizations that build on foundations designed for autonomous operation now will hold the same structural advantage Nvidia held when the AI boom arrived.

Read the full post: https://limacharlie.io/

#cybersecurity #secops #ai #mssp

How Do You Choose a Managed Security Service Provider (MSSP)?

https://msspproviders.io/

#HackerNews #ManagedSecurityServiceProvider #MSSP #Cybersecurity #ITSecurity #SecurityManagement

MSSPs onboarding new customers face a fragmented process where EDR deployment, cloud log ingestion, and data source configuration each require separate workflows across multiple sessions and tools.

The Agentic SecOps Workspace (ASW) executes complete onboarding as a unified workflow in minutes.

One request handles endpoint and cloud visibility together. MSSPs get complete tenant coverage without coordinating separate deployment workflows or switching between tools.

Learn more: http://limacharlie.io

#ai #secops #mssp #cloudsecurity

For MSSPs, standing up a fully configured tenant manually takes hours before a client environment is operationally useful.

Claude Code and LimaCharlie compress that entire process into a single prompt. The tenant gets created, the full Sigma community ruleset gets deployed, Git Sync gets enabled, and a linked GitHub repository gets stood up automatically.

Every configuration is versioned from day one and replicable across every subsequent client.

This works because Claude Code has full access to LimaCharlie, not just a summarized view of it. It provisions, configures, and manages infrastructure directly rather than generating instructions for an analyst to follow.

Full breakdown: https://limacharlie.io/blog/spin-up-a-configured-tenant-in-minutes-with-agentic-ai-security

#cybersecurity #secops #agenticai #mssp

Most EDR vendors eventually make a choice: optimize for large enterprise or stay flexible enough for MSSPs.

John Strand explains what drove Black Hills Information Security to make the switch: multi-tenant architecture built for the MSSP model, licensing that adjusts with workload, and agents light enough that customers stop complaining.

On their previous platform, customers were seeing 70% CPU spikes and asking for uninstalls. On LimaCharlie, utilization sits between 2 and 4%.

Since making the switch, BHIS cut their cost per endpoint by more than half and can now handle roughly twice the customer load with the same staff.

Watch the full interview: https://www.youtube.com/watch?v=stHEBb-iiys&t=3s

#cybersecurity #infosec #soc #mssp