MSSP Perspective: How AI and LLMs Will Impact SOAR and the SOC

Artificial intelligence (AI) is showing early results as a game-changer in cybersecurity. Undoubtedly, AI will be a tool for both cyber defenders and, unfortunately, for attackers, who are already pressing forward with early successes.

In fact, 85% of security professionals attribute the escalated threat landscape to generative AI, and 71% said nation-states may already be deploying ChatGPT for malicious purposes.

But let’s focus on us, the defenders, the ones playing catch-up. AI should augment or replace human workflows, not humans. We need both to beat the hackers, and AI is showing signs of helping us improve our security posture, accuracy and speed of defense. Whether you are an MSSP, a SOC or a SOAR provider, you need to enhance predictive threat detection, speed up response, and keep an expert team free to focus on the escalated cases whose mishandling would do the most damage to the business.

AI brings the cognitive ability to grow, learn and carry out tasks based on algorithms. AI empowers you by continually becoming more knowledgeable as it gathers information from a near-infinite variety of sources — whether that data is neatly searchable in a database or machine-generated (structured), or comes from social media (unstructured).

AI is starting to be used to analyze large amounts of data to identify suspicious activity or to automate the response to security incidents. Large Language Models (LLMs) and related AI models such as SecurityBERT and FalconLLM are showing tremendous results in replacing traditional ML and rules-engine processing for cyber threat detection and response, reaching 98% accuracy in early testing. This will increase the speed of detection and response in the SOC.

With 98% accuracy and the speed of AI, the response is instantaneous, which makes the traditional SOAR obsolete. AI will create a new SOAR, one that moves at the speed of an attack and not just in response to one. Think about that: a dynamic response to a dynamic attack. Game changer!

Early research results for these LLMs show that AI excels at:

  • Automating and integrating root-cause analysis
  • Predictive analytics that forecast potential security threats and vulnerabilities. This forward-looking approach lets organizations prepare and mitigate risks before they materialize.
  • Giving SOC teams the information needed to reduce Mean Time to Detect and Mean Time to Respond (MTTD and MTTR) — with a quicker, more decisive escalation process
  • Adapting to cyberattacks on the fly, while the attack is in progress
  • Advanced decision support during security incidents. By analyzing historical data and current threat intelligence, AI can suggest the best course of action, improving the effectiveness of response strategies whether they are automated or not.

Overall, AI is expected to play a critical role in the future of 24/7 SOCs, enhancing their efficiency, effectiveness and proactive capabilities in detecting, investigating and responding to cyber threats. Organizations of all sizes must invest in AI-powered security solutions to keep up with the threat landscape. The SMB market can access these advanced LLMs and AI-powered cybersecurity by partnering with a SOC-as-a-Service provider built on AI/LLM technology.

Tony Pietrocola, President, AgileBlue

Tony Pietrocola is President of AgileBlue, an autonomous security operations center (SOC) and SOAR provider. Tony got his start as an engineer at Apple from 1997 to 2000, before going the entrepreneurial route and founding multiple businesses. In 2019, he co-founded AgileBlue to address the growing cybersecurity needs of the business community and AI-driven security threats. He is also President of InfraGard – Northern Ohio Alliance, which partners with the FBI to protect critical infrastructure.