2025-08-04, Firenze
Modern SOCs are overwhelmed with data but short on insight and talent. This session introduces a cognitive detection framework that transforms traditional detection logic into a reasoning engine powered by SLM/LLM-based AI agents. These agents act like seasoned analysts: linking subtle signals, reconstructing attack timelines, and prioritizing and guiding decisions based on business impact and attacker intent. The session outlines the pipeline, from alert enrichment to automated response, orchestrated by specialized agents designed to elevate detection from raw data to operational wisdom. With a demo and real-world KPIs, attendees will walk away with a blueprint for building a smarter, leaner, and more impactful SOC.
We introduce an agent-based detection framework that uses top-down reasoning and contextual understanding, powered by SLMs/LLMs, to go beyond static correlation and entity matching. Each AI agent is designed for a specific role in the detection lifecycle, forming a modular pipeline that improves accuracy, prioritization, and automation. This is a new approach to applying cognitive AI to SOC workflows: it brings reasoning, intent analysis, and wisdom-driven decisions to detection and response. It addresses alert fatigue, missed and false correlations, schema dependency, and the inefficiencies of static rules. Traditional correlation engines cannot scale across multi-domain, multi-vendor, cross-entity threats, nor adapt fast enough. This framework gives SOCs the ability to reason about alerts, hypothesize links between them, and prioritize actions, reducing noise, improving detection coverage, and enabling faster response.
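To make the shape of such a pipeline concrete, the following is an added illustration written for this page; it is not the speaker's framework or any Microsoft code. It implements the four roles the abstract names (enrichment, signal linking with timeline reconstruction, business-impact prioritization, response recommendation) as separate functions over a handful of constructed alerts. The SLM/LLM reasoning step is replaced by deterministic heuristics so the example runs offline; the alert fields, the `ASSET_CONTEXT` inventory, the severity scale and the scoring formula are all assumptions made for the example.

```python
"""Toy role-based detection pipeline: enrich -> link -> prioritize -> respond.

Added illustration, not code from the talk. The LLM reasoning of the
original framework is stood in for by fixed heuristics so this runs offline.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample alerts, not real telemetry. Severity: 1 (low) .. 4 (critical).
RAW_ALERTS = [
    {"id": "a1", "ts": "2025-08-04T09:00:00", "host": "srv-fin-01", "user": "alice", "signal": "phishing_link_click", "severity": 2},
    {"id": "a2", "ts": "2025-08-04T09:04:00", "host": "srv-fin-01", "user": "alice", "signal": "office_spawns_powershell", "severity": 3},
    {"id": "a3", "ts": "2025-08-04T09:07:00", "host": "srv-fin-01", "user": "alice", "signal": "encoded_powershell", "severity": 3},
    {"id": "a4", "ts": "2025-08-04T09:20:00", "host": "srv-fin-01", "user": "svc-backup", "signal": "new_local_admin", "severity": 4},
    {"id": "a5", "ts": "2025-08-04T11:30:00", "host": "ws-dev-07", "user": "bob", "signal": "failed_logon_burst", "severity": 2},
    {"id": "a6", "ts": "2025-08-04T14:00:00", "host": "ws-dev-07", "user": "bob", "signal": "failed_logon_burst", "severity": 2},
]

# Hypothetical asset inventory standing in for a CMDB lookup (criticality 1..5).
ASSET_CONTEXT = {
    "srv-fin-01": {"criticality": 5, "owner": "finance"},
    "ws-dev-07": {"criticality": 2, "owner": "engineering"},
}


@dataclass
class Alert:
    id: str
    ts: datetime
    host: str
    user: str
    signal: str
    severity: int
    context: Dict[str, object] = field(default_factory=dict)


@dataclass
class Incident:
    alerts: List[Alert]
    score: float = 0.0
    action: str = ""

    @property
    def hosts(self):
        return {a.host for a in self.alerts}

    @property
    def users(self):
        return {a.user for a in self.alerts}

    @property
    def last_ts(self):
        return max(a.ts for a in self.alerts)

    def timeline(self) -> List[str]:
        """Reconstructed attack timeline, oldest first."""
        return [f"{a.ts:%H:%M} {a.host}/{a.user}: {a.signal}"
                for a in sorted(self.alerts, key=lambda a: a.ts)]


def enrich(raw, asset_context) -> List[Alert]:
    """Enrichment agent: attach asset criticality and owner to every alert."""
    out = []
    for r in raw:
        ctx = asset_context.get(r["host"], {"criticality": 1, "owner": "unknown"})
        out.append(Alert(r["id"], datetime.fromisoformat(r["ts"]), r["host"],
                         r["user"], r["signal"], r["severity"], dict(ctx)))
    return out


def link(alerts, window=timedelta(minutes=60)) -> List[Incident]:
    """Linking agent: chain alerts sharing a host OR a user within the window.

    Linking on either entity is what lets a4 (a different user on the same
    host) join the chain; a time-only or host-only join would miss it.
    """
    incidents: List[Incident] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for inc in incidents:
            if (a.host in inc.hosts or a.user in inc.users) and a.ts - inc.last_ts <= window:
                inc.alerts.append(a)
                break
        else:  # no open incident matched: start a new one
            incidents.append(Incident([a]))
    return incidents


def prioritize(incidents) -> List[Incident]:
    """Prioritization agent: score = peak severity x asset criticality x distinct stages."""
    for inc in incidents:
        peak = max(a.severity for a in inc.alerts)
        crit = max(a.context["criticality"] for a in inc.alerts)
        stages = len({a.signal for a in inc.alerts})  # chain length hints at intent
        inc.score = peak * crit * stages
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def respond(incidents) -> List[Incident]:
    """Response agent: map score and impact to a recommended (not executed) action."""
    for inc in incidents:
        crit = max(a.context["criticality"] for a in inc.alerts)
        if inc.score >= 40 and crit >= 4:
            inc.action = "isolate host, disable involved accounts, page on-call"
        elif inc.score >= 10:
            inc.action = "escalate to tier-2 analyst"
        else:
            inc.action = "low-priority queue, watch for repeat"
    return incidents


def run_pipeline(raw, asset_context) -> List[Incident]:
    return respond(prioritize(link(enrich(raw, asset_context))))


if __name__ == "__main__":
    for inc in run_pipeline(RAW_ALERTS, ASSET_CONTEXT):
        print(f"score={inc.score:.0f} action={inc.action}")
        for line in inc.timeline():
            print("  ", line)
```

On the constructed input the four finance-server alerts collapse into one incident (two users, one host, four stages) that outranks the two isolated developer-workstation alerts, which stay separate because they fall outside each other's window. When an LLM agent fills the linking or prioritization role, keep in mind that alert fields such as process command lines and usernames are attacker-influenced input: treat them as untrusted prompt content, and keep any automated response behind an explicit allow-list or human approval rather than letting the model's free-text output drive containment directly.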
Oudy is a senior cybersecurity research program manager at Microsoft, where he leads the content quality and next-generation LLM-based detection framework strategy for Microsoft XDR and SIEM. With over 15 years of experience, Oudy brings a blend of hands-on expertise, an offensive mindset, and deep knowledge of SOC operations, purple teaming, and AI-driven detection. Prior to Microsoft, he led offensive security and research programs at EY and the critical infrastructure practice at PwC, including national-scale initiatives such as the design and program management of Israel's ICS National Cybersecurity Lab (ICNL). Oudy has also served in key cybersecurity and leadership roles within the Israeli Prime Minister's Office, focusing on OT security, cyber resilience, and secure architecture for classified environments. His current research program focuses on evolving SOCs from reactive data analysis to wisdom-driven detection pipelines using cognitive AI agents. Oudy holds an M.Sc. in Nuclear Engineering, a B.Sc. in Electrical Engineering, and multiple GIAC certifications, and regularly instructs advanced cybersecurity courses.