Let’s be honest for a second. If you look at the average security operations center (SOC) today, does it look like a futuristic command center, or, as a new whitepaper series with our friends at KPMG puts it, “a frantic triage unit in a hospital that's perpetually on fire?”
Sound familiar?
We all know the pain: drowning in alerts, fighting false positives, and suffering from burnout. But here is the good news: we are finally moving past the "AI hype" phase into something real. We are entering the era not only of the agentic SOC, but of agentic defense.
I’m excited to share a new series of three whitepapers we co-authored with KPMG that cover the entire arc of this evolution—from the burning platform of today to the agentic future of tomorrow.
1. The Challenges: Why We Can’t Keep Doing This
The first paper, Challenges to AI-driven Security, dives deep into why the old models are breaking. It’s not just about volume; it’s about complexity. We explore why manual workflows are a dead end and why "organizations can no longer afford to maintain the status quo."
2. The Capabilities: Building a Smarter System
The second paper, AI-driven Capabilities for Security Operations, gets into the "cool stuff", but with a purpose. We look at how AI agents can work alongside humans, not to replace them but to augment them and multiply what they can get done. As we put it in the paper: "It's not about working faster; it's about building a system that works smarter, freeing human experts to focus on the challenges that truly require their intuition and skill."
Imagine an AI agent that doesn’t just summarize an alert but actually investigates it—checking reputation, tracing origins, and presenting you with a decision, not just data. That is the power of an agentic approach that is here today.
3. The Journey: How to Actually Get There
Finally, the third paper, Security Transformation Journey, is for those who ask, "Okay, but how?" (A question I love!). This isn't magic; it's engineering and process. "Transitioning from a reactive, tool-centric SOC to an intelligence-led cyber defense operation is not just a technological upgrade—it's a full-scale transformation." And we have organizations that have already done it.
But before you get to the cool autonomous stuff, you have to eat your vegetables. The paper makes it clear: you can't build an agentic SOC on a foundation of data silos. You need "unified data and application programming interfaces (APIs)" to give agents the context they need. Otherwise, it won't be a hallucination that ruins your day; it will be an agent taking action based on incomplete or erroneous context (Who owns this instance? What does this service do? How did we resolve this last time?). If your AI can't talk to your IT or HR systems, it won't know the difference between a "scheduled data migration" and a "data exfiltration attempt." Getting your data ready is the unglamorous but essential first step.
We map out a three-phase approach—from assessment to augmentation, and finally to selective autonomy—so you can build a roadmap that actually works.
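To make the "context before autonomy" point concrete, here is a small added illustration (my own example, not code from the whitepapers or from any product) of how an investigating agent can gate its decision on what the CMDB, change calendar and reputation feed actually return. The CMDB entries, change tickets, IP reputations and the alert itself are all constructed sample data; in practice these would come from the unified APIs the paper describes. The rule that matters is the first one: if the asset has no owner or service on record, the agent escalates to a human instead of acting, and a known-bad destination on a critical asset is also handed to a person rather than contained automatically.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample data standing in for CMDB, change-management and
# threat-intel lookups. Identifiers and field names are assumptions made
# for this example, not a real schema.
CMDB = {
    "i-0a1b2c": {"owner": "data-platform", "service": "warehouse-etl", "tier": "standard"},
    "i-9z8y7x": {"owner": "payments", "service": "card-vault", "tier": "critical"},
    # "i-unknown" is deliberately absent: the agent has no context for it.
}

CHANGES = [
    {"id": "CHG-1001", "asset": "i-0a1b2c", "dest": "10.20.30.40",
     "start": "2024-05-01T01:00:00Z", "end": "2024-05-01T05:00:00Z",
     "summary": "scheduled warehouse migration"},
]

REPUTATION = {"203.0.113.7": "malicious", "10.20.30.40": "internal"}


@dataclass
class Alert:
    asset: str
    dest_ip: str
    bytes_out: int
    observed: str  # ISO-8601 timestamp of the large outbound transfer


@dataclass
class Decision:
    action: str  # "close", "escalate" or "contain"
    reason: str
    evidence: list = field(default_factory=list)


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def matching_change(alert: Alert):
    """Return an approved change covering this asset, destination and time, if any."""
    t = _ts(alert.observed)
    for c in CHANGES:
        if (c["asset"] == alert.asset and c["dest"] == alert.dest_ip
                and _ts(c["start"]) <= t <= _ts(c["end"])):
            return c
    return None


def investigate(alert: Alert) -> Decision:
    evidence = []

    asset = CMDB.get(alert.asset)
    if asset is None:
        # Incomplete context: no owner, no service. Never act autonomously here.
        return Decision("escalate",
                        "asset not in CMDB; context incomplete, human review required",
                        evidence)
    evidence.append(f"owner={asset['owner']} service={asset['service']} tier={asset['tier']}")

    rep = REPUTATION.get(alert.dest_ip, "unknown")
    evidence.append(f"dest {alert.dest_ip} reputation={rep}")

    change = matching_change(alert)
    if change:
        evidence.append(f"matches {change['id']}: {change['summary']}")
        if rep != "malicious":
            # Same bytes, same host: the change ticket is what turns
            # "exfiltration" into "migration".
            return Decision("close", "transfer covered by an approved change window", evidence)
        # A change ticket does not excuse talking to a known-bad host; fall through.

    if rep == "malicious":
        if asset["tier"] == "critical":
            return Decision("escalate",
                            "known-bad destination on a critical asset; containment needs owner sign-off",
                            evidence)
        return Decision("contain", "known-bad destination, no approved change; isolate host", evidence)

    return Decision("escalate", "no approved change and destination reputation unknown", evidence)


if __name__ == "__main__":
    for a in (Alert("i-0a1b2c", "10.20.30.40", 50_000_000_000, "2024-05-01T02:30:00Z"),
              Alert("i-0a1b2c", "203.0.113.7", 50_000_000_000, "2024-05-02T02:30:00Z"),
              Alert("i-unknown", "10.20.30.40", 50_000_000_000, "2024-05-01T02:30:00Z")):
        d = investigate(a)
        print(a.asset, "->", d.action, "|", d.reason)
```

The three branches map onto the three phases of the roadmap: every path produces evidence a human can read (assessment), most paths hand a recommendation to an analyst (augmentation), and only the narrow, fully-contextualized case ends in an automatic action (selective autonomy).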
Read the full series here.
This is more than just reading material; it’s a blueprint for the future of defense. Let me know what you think in the comments!