BSidesCharm2025

AI Agents Could Be Running Your SOC To Prevent Cyber Attacks
2025-04-12, Track 1

It is becoming increasingly complex to defend against zero- to low-cost attacks generated by Threat Actors (TA) as they leverage sophisticated Generative AI (Gen AI)-enabled infrastructure. An orchestrated Workflow with a team of AI Agents presents an opportunity to respond better. To avoid SOC analyst burnout and alert fatigue, the strategy must shift toward automating routine tasks.

In traditional detection and response, detection is not easily achieved, and manual responses cannot match the required machine-level speed. To handle an alert, SOC analysts rely on a Standard Operating Procedure (SOP) or a playbook to ensure that nothing is missed while addressing a potential threat. SOPs and playbooks are sets of repetitive tasks that can be automated, but static automation struggles to adjust to dynamic requirements and is difficult to modify.

AI Agents can solve this problem because they adapt to new information and adjust their actions accordingly. Encoding these procedures as instructions to the Agents can dramatically increase response speed and reduce human error.

It is also crucial to balance autonomy with high precision by keeping a human in the loop. Recent advancements allow for the building of flexible Workflows with native integrations across multiple platforms and products. The ability to quickly produce a sophisticated Workflow for handling custom scenarios will be the key to this transition to a semi-autonomous SOC. As our reliance on AI-enabled hyper-automation increases, we will optimally leverage human expertise to design robust Workflows capable of managing repetitive tasks.
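As an added illustration of the human-in-the-loop gating the abstract argues for (example code written for this page, not from the talk or any product), the workflow below lets a stand-in "agent" propose playbook steps from enrichment data, runs only low-impact, high-confidence steps on its own, and holds every containment action for an analyst's decision. The tool names, thresholds and alert fields are constructed for the example.

```python
"""Human-in-the-loop gate for an agent-driven SOC playbook (constructed example)."""
from dataclasses import dataclass, field

# Constructed tool policy: low-impact actions may run autonomously,
# high-impact containment actions always require an analyst's approval.
AUTO_OK = {"enrich_ip", "tag_alert", "open_ticket"}
NEEDS_APPROVAL = {"isolate_host", "disable_account", "block_domain"}


@dataclass
class Proposal:
    action: str
    target: str
    confidence: float  # agent's self-assessed confidence in [0, 1]


@dataclass
class Outcome:
    executed: list = field(default_factory=list)
    queued: list = field(default_factory=list)    # waiting for a human decision
    rejected: list = field(default_factory=list)  # unknown tool or denied by analyst


def propose(alert: dict, enrichment: dict) -> list:
    """Stand-in for the agent: derive playbook steps from the enrichment it gathered.
    A real agent would reason over the same inputs; this version is deterministic."""
    steps = [Proposal("tag_alert", alert["id"], 0.95)]
    if enrichment.get("domain_reputation") == "malicious":
        steps.append(Proposal("block_domain", alert["sender_domain"], 0.9))
        for host in enrichment.get("clicked_hosts", []):
            steps.append(Proposal("isolate_host", host, 0.85))
    elif enrichment.get("domain_reputation") == "unknown":
        steps.append(Proposal("open_ticket", alert["id"], 0.6))  # low confidence
    return steps


def gate(proposals: list, min_conf: float = 0.8, approver=None) -> Outcome:
    """Route each proposal: run it, hold it for a human, or reject it.
    approver: optional callable(Proposal) -> bool standing in for the analyst."""
    out = Outcome()
    for p in proposals:
        if p.action not in AUTO_OK | NEEDS_APPROVAL:
            out.rejected.append(p)   # tool the workflow never exposed to the agent
        elif p.action in AUTO_OK and p.confidence >= min_conf:
            out.executed.append(p)   # routine step: automate it
        elif approver is None:
            out.queued.append(p)     # no analyst available: park it, never auto-run
        else:
            (out.executed if approver(p) else out.rejected).append(p)
    return out
```

Actions the agent names that the workflow never registered are rejected outright, which is the check that keeps an agent's mistaken or hallucinated tool call from reaching production systems.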

Keyur currently works with Walmart Global Tech as Lead Intrusion Analyst and has a keen interest in the safe use of AI systems. He mentors the future workforce through his webpage, www.topmate.io/kpr. Last year, SANS named him a finalist in the Rising Star category of the Difference Maker Awards 2024. He supports the infosec community by volunteering at local conferences, actively contributing to open source bodies (OWASP, Atomic Red Team, CoSAI), and serving as a panel member of the Globee Cybersecurity Awards.