This article is part of a VentureBeat special, “AI at Scale: From Vision to Viability.” Read more from this special issue here.
Facing a growing number of multifaceted threats that exploit alert fatigue, tool sprawl and outdated legacy systems, security leaders are embracing AI-native security operations centers (SOCs) as the future of security.
Attackers set new speed records this year, exploiting weaknesses in the very systems meant to protect organizations and, worse, in trusted network connections.
Adversaries shaved 17 minutes off their average eCrime breakout time (the interval between initial access and the first lateral move to another system) last year, cutting it from 79 minutes to 62 minutes in a single year. The fastest observed breakout took just two minutes and seven seconds.
These attacks combine generative AI, social engineering, interactive intrusion campaigns and an all-out assault on cloud vulnerabilities and identities. The playbook is to exploit organizations that are stuck with legacy tooling or short on cybersecurity expertise.
“The speed of today’s cyberattacks requires security teams to quickly analyze large amounts of data to detect, investigate and act quickly. This is the failed promise of SIEM (security information and event management). Customers are hungry for the best technology that delivers immediate value and operational performance at a low cost of ownership,” said George Kurtz, president, CEO and founder of the cybersecurity company CrowdStrike.
“SOC leaders must get better at improving their detection and blocking capabilities. This should reduce the number of incidents and improve their ability to respond, and reduce the time of an attacker,” writes Gartner in its report, Tips for Choosing the Right Tools for Your Security Operations Center.
AI-native SOCs: A proven solution to swivel-chair integration
Visit any SOC and it is clear that many analysts are forced to rely on “swivel-chair integration” because the systems in place were never designed to share information in real time.
In practice, analysts swivel from one monitor to the next, cross-checking data and correcting errors by hand. Accuracy and speed suffer when a multi-stage investigation has no single, clear view across the streams of incoming telemetry.
Here are just a few of the challenges SOC leaders are looking to an AI-native SOC to help solve:
Chronic alert fatigue: Legacy systems, including SIEMs, generate ever more alerts for SOC analysts to monitor and triage. SOC analysts who spoke anonymously said that four out of every 10 alerts they receive are false positives. Analysts often spend more time validating false positives than investigating real risks, which takes a heavy toll on productivity and response time. Alert fatigue is a defining challenge of this era, one every SOC analyst and leader deals with daily, and relieving it is a core design goal of an AI-native SOC.
The talent shortage continues: Experienced SOC analysts who are good at what they do, and whose leaders can influence the budget for raises and bonuses, will for the most part stay in their positions. Kudos to organizations that recognize that investing in retaining SOC talent is critical to their business. The most commonly cited figure is a global cybersecurity workforce gap of 3.4 million professionals. With SOC professionals in short supply across the industry, it falls to organizations to close salary gaps and expand training to grow their teams internally. Frustration is rife among understaffed teams forced to rely on swivel-chair integration to get their jobs done.
Multifaceted threats are on the rise: Adversaries, including cybercriminals, nation-states and terrorist financing organizations, are increasingly exploiting the gap between protection and detection. Malware-free attacks have grown over the past year in variety, volume and sophistication of technique. SOC teams protecting enterprise software companies that build AI platforms, systems and new technologies are being hit especially hard. Malware-free attacks are hard to detect because they rely on legitimate tools, rarely leave a unique signature and use fileless execution. Kurtz told VentureBeat that attackers targeting endpoints and identities often move laterally within a system in less than two minutes. Their advanced strategies, including social engineering, ransomware-as-a-service (RaaS) and identity-based attacks, demand fast and flexible SOC tooling.
Growing cloud adoption widens the attack surface: Cloud intrusions have risen 75% year over year, with adversaries exploiting cloud-specific weaknesses such as insecure APIs and misconfigurations. SOCs often suffer from limited visibility and inadequate tooling for mitigating threats across complex multi-cloud environments.
Data sprawl and tool proliferation create security gaps that SOC teams are asked to fill: Legacy systems, including decades-old SIEMs, struggle to ingest and analyze the volume of data generated by modern infrastructure, endpoints and telemetry sources. Asking SOC professionals to stay on top of multiple data sources and reconcile data across disparate tools reduces their efficiency, leads to fatigue and keeps them from achieving accuracy, speed and consistency.
How AI is improving SOC accuracy, speed and performance
“AI is already being used by criminals to defeat security measures around the world,” warns Johan Gerber, senior vice president of security and cyber innovation at MasterCard. “But AI has to be part of our future, how we attack and deal with cybersecurity.”
“It’s very difficult to go out and do something if AI is thought of as a bolt-on; you have to think of it (as a necessity),” Jeetu Patel, EVP and GM of security and collaboration at Cisco, told VentureBeat, citing findings from the 2024 Cisco Cybersecurity Readiness Index. “The buzzword here is that AI is being used natively in your stack.”
Given the many accuracy, speed and performance benefits of moving to an AI-native SOC, it is easy to see why Gartner supports the idea. The research firm predicts that by 2028, multi-agent AI for threat detection and response (including within SOCs) will rise from 5% to 70% of AI implementations, primarily augmenting rather than replacing staff.
Chatbots are making an impression
Key to the value AI-native SOCs bring to cybersecurity and IT teams is accelerated threat detection and predictive analytics built on real-time telemetry.
SOC teams report that AI-based tools, including chatbots, provide faster answers to a wide range of questions, from simple queries to complex incident analysis. The latest generation of chatbots designed to streamline SOC operations and support security professionals includes CrowdStrike’s Charlotte AI, Google’s Threat Intelligence Copilot, Microsoft Security Copilot, Palo Alto Networks’ series of AI Copilots, and SentinelOne Purple AI.
Graph databases are critical to the future of SOCs
Graph database technologies are helping defenders see their exposures the way attackers do. Attackers think in terms of traversing a business’s environment from one foothold to the next, while SOC defenders often rely on lists that treat each control in isolation. The race among graph database tools aims to put SOC professionals on equal footing with threat actors when it comes to tracking threats, intrusions and breaches across their infrastructure, systems and networks.
AI is already proving effective at reducing false positives, enabling proactive response, improving threat analysis and finding new ways to improve SOC workflows.
Combining AI with graph databases also lets SOCs track and stop multi-stage threats. Graph databases matter to the future of the SOC because they excel at querying and analyzing connected data in real time, which helps identify threats quickly and accurately, recognize attack patterns and prioritize risk.
John Lambert, vice president of Microsoft Security Research, emphasized the importance of graph-based thinking in cybersecurity, explaining to VentureBeat, “Defenders think in lists, cyber attackers think in graphs. As long as this is true, attackers win.”
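To make the "lists versus graphs" point concrete, here is an added example (written for this edit, not code from the article or from any vendor product) that models a small identity and host environment as a directed graph and searches it for an attack path. The hosts, users, groups and relationships are constructed and hypothetical; the relationship types (HasSession, MemberOf, AdminTo) follow the convention used by BloodHound-style attack-path tools. The list view (`direct_admins`) answers "who can administer the domain controller?" and sees only one group; the graph view (`shortest_attack_path`) finds that a single workstation compromise reaches the same target in six hops, even though no individual edge looks dangerous on its own.

```python
"""Attack-path analysis over a small identity/host graph (added example).

The nodes and edges below are constructed for illustration; none of the
names refer to a real environment.
"""
from collections import deque

# Constructed edges: (source, relationship, target). Each edge is a step an
# attacker can take: "WS01 HasSession alice" means alice's credentials can
# be harvested from WS01; "Helpdesk AdminTo SRV01" means anyone who holds
# a Helpdesk member's credentials can execute code on SRV01.
EDGES = [
    ("WS01", "HasSession", "alice"),
    ("alice", "MemberOf", "Helpdesk"),
    ("Helpdesk", "AdminTo", "SRV01"),
    ("SRV01", "HasSession", "svc_backup"),
    ("svc_backup", "MemberOf", "Domain Admins"),
    ("Domain Admins", "AdminTo", "DC01"),
    ("WS02", "HasSession", "bob"),
    ("bob", "AdminTo", "WS02"),
]


def build_graph(edges):
    """Adjacency map: node -> list of (relationship, next_node)."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def direct_admins(edges, target):
    """The 'list' view: principals that are directly AdminTo the target.

    Reviewing DC01 this way shows only 'Domain Admins' and says nothing
    about which workstations can reach it through credential reuse.
    """
    return sorted(src for src, rel, dst in edges
                  if rel == "AdminTo" and dst == target)


def shortest_attack_path(graph, start, target):
    """The 'graph' view: breadth-first search for the fewest-hop path from a
    compromised node to a target. Returns a list of (node, relationship,
    node) steps, or None if the target is unreachable from start.
    """
    queue = deque([start])
    parent = {start: None}          # node -> (previous node, relationship)
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:   # visited set doubles as the parent map
                parent[nxt] = (node, rel)
                queue.append(nxt)
    if target not in parent:
        return None
    path = []
    node = target
    while parent[node] is not None:
        prev, rel = parent[node]
        path.append((prev, rel, node))
        node = prev
    return list(reversed(path))


def path_length(graph, start, target):
    """Number of hops on the shortest attack path, or None if unreachable."""
    path = shortest_attack_path(graph, start, target)
    return None if path is None else len(path)


if __name__ == "__main__":
    g = build_graph(EDGES)
    print("List view, direct admins of DC01:", direct_admins(EDGES, "DC01"))
    print("Graph view, shortest path WS01 -> DC01:")
    for src, rel, dst in shortest_attack_path(g, "WS01", "DC01"):
        print(f"  {src} --{rel}--> {dst}")
    print("Hops WS01 -> DC01:", path_length(g, "WS01", "DC01"))
    print("Hops WS02 -> DC01:", path_length(g, "WS02", "DC01"))
```

Run as a script, it prints the six-hop chain from WS01 through alice, Helpdesk, SRV01 and svc_backup to DC01, and reports that WS02 (whose only session belongs to a local admin with no further group membership) cannot reach DC01 at all. In a real SOC the edges would come from directory, session and endpoint telemetry rather than a hard-coded list, and the same search is what lets a defender prioritize which session or group membership to remove to cut the path.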
AI-native SOCs need humans in the loop to reach their potential
SOCs that deliberately build human-centric processes into their AI-native SOC strategies have the best chance of success. The main goal should be to strengthen the expertise of SOC professionals and give them the data, context and insight they need to succeed and grow in their roles. Designing workflows around people also helps with retention.
Organizations that have created a culture of continuous learning and treat AI as a tool to accelerate learning and on-the-job results are already ahead of their competitors. VentureBeat continues to see SOCs prioritize letting analysts focus on complex, creative work while AI handles routine tasks, which keeps their teams engaged. The small wins add up, such as stopping an intrusion or breach. AI should not be viewed as a replacement for SOC experts or for sophisticated threat hunters. Rather, AI software and platforms are tools that make threat hunters better at protecting the business.
AI-native SOCs can cut response time, with some organizations reporting reductions of up to 50%. That speed lets security teams respond to threats faster, minimizing potential damage.
The role of AI in SOCs is expected to expand to include proactive adversary emulation, continuous monitoring of the health of the SOC environment itself, and stronger identity and data security through zero-trust integration. These advances will further strengthen organizations’ defenses against cyber threats.
2025-01-16 17:00:00