How AI and LLMs change SOAR and the Security Operations Center (SOC)

cyber shield on a virtual screen

Artificial intelligence (AI) is showing early results as game-changer in cybersecurity. Obviously, AI will be a tool for both cyber defenders and unfortunately the attackers who are already pressing forward with early successes.

Let’s focus on us, the defenders, the ones playing catch up. AI should augment or replace human workflows, not humans. We need both to beat the hackers. AI is showing signs of helping us increase our security posture, accuracy, and speed to defend. Whether you are an MSSP, SOC or SOAR provider we need to enhance our predictive threat detection, speed of response, and employ an expert team that does not want to do mundane tasks.

AI brings the cognitive ability to grow, learn, and carry out tasks based on algorithms. AI empowers you by continually becoming more knowledgeable as it gathers information from a near-infinite variety of sources — whether that data is neatly searchable in a database or generated by a machine (structured) or social media (unstructured).
AI is starting to be used to analyze large amounts of data to identify suspicious activity, or to automate the response to security incidents. Large Language Models (LLMs) and AI (SecurityBERT and FalconLLM) are showing tremendous results to replace traditional ML/Rules engine processing for cyber threat detection and response showing 98% accuracy in early testing. This will increase the speed to detection and response in the SOC. Think about this with 98% accuracy and the speed of AI, response is instantaneous and thus makes the traditional SOAR obsolete. AI will create a new SOAR, one that moves at the speed of an attack and not just one in response to one. Think about that, a dynamic response to a dynamic attack. Game changer!
Early research results of these LLM’s show AI excels at:

  • Root-cause analysis automation and integration
  • Predictive analytics to forecast potential security threats and vulnerabilities. This forward-looking approach enables organizations to prepare and mitigate risks before they materialize.
  • Giving SOC teams the information needed to reduce Mean Time to Detect and Mean Time to Respond (MTTD and MTTR) — with a quicker, more decisive escalation process
  • Adapting to cyberattacks on the fly, during the attack
  • Advanced decision-making assisting in making informed decisions during security incidents. By analyzing historical data and current threat intelligence, AI can suggest the best course of action, improving the effectiveness of the response strategies automated or not.

 

If you have seen the incredible movie Oppenheimer a famous quote from Robert Oppenheimer worked then and seems to apply now, well with one little change:

“I don’t know if we can be trusted with such a weapon. But I know the German’s can’t.”- Oppenheimer
“I don’t know if we can be trusted with AI. But I know the HACKERS can’t.”- Tony Pietrocola

 

Overall, AI is expected to play a major role in the future of 24/7 SOCs, making them more efficient, effective, and proactive in their ability to detect, investigate, and respond to security threats. Organizations of all sizes need to invest in AI-powered security solutions to keep up with the threat landscape. The SMB market can access these advanced LLMs and AI-powered cybersecurity by partnering with a SOC-as-a-Service built on an AI/LLM technology.

Written by Tony Pietrocola

Tony Pietrocola is Co-Founder and President of AgileBlue, founded in 2019. Tony currently resides in Cleveland, OH.

November 28, 2023

Blog Posts

You May Also Like…

Request a Demo

AgileBlue is a software company with an innovative SOC-as-a-Service for 24X7 network monitoring, cloud security, data privacy and compliance.

Our modern SOC-as-a-Service is built on innovative machine learning and autonomous execution. If you would like to discuss our SOC-as-a-Service, Partner Program or schedule a brief demo please give us a little info and we will contact you immediately.