MSSP, Managed Security Services, AI benefits/risks, Generative AI, SOC

Intezer Introduces Its Forensic AI SOC Platform

Goth-looking security personnel staff an industrial security operations center.

Cybersecurity firm Intezer is leaning on AI to help tackle the myriad challenges facing security operations centers (SOCs) run by enterprises and MSSPs, from the overwhelming flood of alerts to the shortage of available security talent to the AI-powered attacks they have to fend off.

“This combination is eroding SOC effectiveness, slowing response times, and creating blind spots where real threats hide in low-severity alerts that teams no longer have the time or capacity to investigate,” Intezer co-founder and CEO Itai Tevet wrote in a blog post this week.

To address these challenges, the Israeli company, which is headquartered in New York City, this week unveiled its Forensic AI SOC, a platform that is already used by 150 enterprises, including 15 in the Fortune 500. The goal is to enable organizations to strengthen their detection and response capabilities, lessen alert fatigue, and scale their cybersecurity protections without having to grow their payrolls.

It also gives enterprises an alternative to other AI SOC platform offerings that are muscling their ways into an increasingly crowded market that includes such players as SentinelOne’s Purple AI, Microsoft’s Sentinel and Security Copilot, CrowdStrike’s Charlotte AI, and Vectra AI.

“Intezer Forensic AI SOC flips the AI SOC model on its head,” Tevet wrote. “Instead of solely relying on AI Agents and LLMs [large language models], our platform combines AI agents and automated orchestration of deterministic forensic tools, to mimic the triage and investigation methods used by elite responders and perform deep, accurate investigations at speed and scale.”

“Each alert is examined by Intezer’s platform using such capabilities as endpoint forensics, reverse engineering, network artifact analysis, and sandboxing,” the CEO added. “These are paired with the adaptive research and reasoning of multiple LLMs to ensure both depth and flexibility in every investigation.”

A Crowded Market

Software Analyst Cyber Research has been delving into the trend toward AI-based SOCs, including releasing a report last year about the path forward for the technology. In August, the firm’s founder and CEO, Francis Odum, and Rafal Kitab, director of security operations and incident response at ConnectWise, wrote about the space, including the rapid emergence of companies entering the market.

“We’ve seen a surge of vendors entering or pivoting into the AI SOC space, each promising to alleviate alert fatigue, automate investigation, and augment analyst workflows,” Odum and Kitab wrote. “AI has moved from an experimental idea to a working system inside the SOC. AI SOC platforms are now being used to monitor environments, investigate alerts, and respond to threats with less manual effort. These tools are helping reduce detection and response times, ease analyst burden, and improve coverage across increasingly complex environments.”

Broad Use of Intezer's Platform

The companies already using Intezer’s platform come from a range of industries, including financial services, technology, pharmaceuticals, critical infrastructure, and retail, Tevet wrote. The benefits they get include reduced business risk, predictable and cost-efficient pricing, instant time to value, a lowered dependence on managed detection and response (MDR), and more automated analyst workloads, the CEO wrote.

The numbers bear this out, he wrote, including 100% coverage of alerts, with 96% of them handled automatically by the platform and fewer than 4% being escalated for review by humans. In addition, the median triage time is a minute.

Anthropic Report a Proof Point

Tevet pointed to the recent report from AI vendor Anthropic describing how a Chinese threat group used its Claude AI model in a sophisticated cyberespionage attack, another example of how AI is being weaponized by cybercriminals and an argument for defenders to adopt AI in their protection strategies.

“These attacks often leave behind subtle, low-severity breadcrumbs that traditional SOCs and MDRs overlook,” the CEO wrote. “Without full alert coverage and forensic-grade triage, organizations cannot detect or contain AI-driven campaigns before they escalate. This is precisely the gap Intezer’s Forensic AI SOC was built to close.”

Rob Enderle, principal analyst with The Enderle Group, said AI comes with a range of benefits for security teams and MSSPs, but that there are also risks they need to be aware of. They’ll need an AI tool that is well-vetted and open source and has solid management and auditing capabilities, so that security pros can ensure its continued safe use and intended outcomes.

AI Comes with Benefits, Risks

“AI is really good at capturing and analyzing data real time, but it can be compromised and, in extremes, can be turned against the firms deploying it, so it needs strong oversight so it doesn’t do more harm than good,” Enderle told MSSP Alert. “But deployed correctly in security, it can remove most all of the drudge work and result in a far more agile security function and a far more secure company against the increasing number of AI-driven threats that are proliferating worldwide.”

He also noted the high costs of deploying an AI SOC platform – particularly in the midmarket – if the cost isn’t shared by a number of companies.

This makes it “far more attractive for MSSPs, who can sell to multiple companies [rather] than [it] being developed exclusively inside an individual company, short of a massive multinational,” the analyst said. “Even those larger companies would likely find starting with an existing MSSP solution to be a faster and safer option.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.