Behavioral Detection Replaces IOC Whac-A-Mole
18m
Mike Vizard talks with Nicole Beckwith of Cribl about why security teams need to move beyond indicator-of-compromise detection models built around hashes, IP addresses, domains and signatures. Beckwith explains that attackers can easily rotate low-level indicators, so SOC teams need to shift toward behavioral detection, MITRE ATT&CK-based rule chaining and richer telemetry pipelines. The conversation also explores agentic SOC use cases, AI-driven attack speed, data pipeline strategy and how security leaders can make the business case for modernizing detection engineering.