Presented by DXC Technology

The sheer volume and sophistication of incoming threats today have dwarfed attacks from just six months ago, let alone two years ago, because adversaries have leveled up with AI. Naturally, security operations and analysts are under pressure, facing mounting alert volumes and false positives, while organizations scramble to support them amidst a widening talent gap and an old model that doesn't stand up, says Chris Drumgoole, president, global infrastructure services at DXC Technology.

"The traditional, linear SOC [Security Operations Center] method was built very much like the rest of information technology service management — ticket, investigate threat — but the math just doesn’t add up given the volume," Drumgoole says. "You would need a SOC bigger than your customer call center just to deal with all the incoming tickets. And that pure volume question is coupled with the increasing sophistication of tools and attacks. When you put those things in a blender, you end up with an old model that doesn’t work anymore."

To combat alert fatigue and slow investigation cycles, organizations are fighting fire with fire: agentic security, or intelligent AI agents that are capable of independently triaging, investigating, and responding to incidents at scale. DXC has partnered with 7AI to launch DXC Agentic Security Operations Center (SOC), integrating fully autonomous AI agents into its end-to-end managed security operations. But before rolling this out globally to customers, DXC put the technology to the test, Drumgoole adds, using 7AI's agentic platform to optimize its own internal SOC capabilities. They immediately saw an 80% reduction in tier-1 SOC analyst time and a 95% reduction in the number of tickets that humans must analyze, which means a 67% reduction in mean time to respond in the tier-1 and tier-2 SOC.
A category shift, not an incremental update

This isn't just upgraded automation, but a major shift in threat response, analogous to the earlier shift from static defense to dynamic response. Agentic security isn't rule-based — it's adaptive, contextual, and end-to-end. And though humans will stay in the loop over the long term, agentic AI has the potential to move from reactive triage to proactive, self-directed defense.

"The real difference is that the AI model gives every alert the side eye, so to speak," Drumgoole says. "While automation responds to the same alert the same way every time, the AI agent approaches each situation uniquely, recognizes the nuances and can learn from what it saw the last time and the time before. What we expect from our new Agentic SOC is going to be evolutionarily different just in terms of the amount they handle and how fast they handle it going forward."

DXC Agentic SOC eliminates the traditional bottlenecks of manual alert processing and is expected to save customers 30 minutes to 2.5 hours per investigation by reducing false positive rates that can consume analyst resources. Average response time has gone from about 74 minutes to 24 minutes, a 70% improvement over the average human capability.

"The data speaks for itself. The math is the math," Drumgoole says. "In the first 40 days of running our own Agentic SOC, we saved 165 human days of analyst work time. It’s only going up from there."

An evolve-or-die moment

Even though the math speaks for itself in terms of accuracy, many organizations are still nervous about AI in general, and in particular, about relying on it to transform their processes. Most workflows are built around humans, and bringing AI into the mix means disrupting that workflow, which adds time and material costs, and even takes an emotional toll.

"That’s a big adjustment for people," Drumgoole says.
"It’s really not a technical barrier, but an emotional, operational, and process barrier, underlined by 'this is the way we’ve always done it' thinking."

But according to Drumgoole, it’s an evolve-or-die moment, and organizations need to push through the uncertainty. The mandate has to come from the top level, with executive-level sponsorship and a clear mission. The beauty of the solution is that it's straightforward to implement and easy to scale, because it doesn't necessarily need to be considered a technology transformation. Instead, it should be treated as equivalent to adding a stable of tier-1 security analysts. It doesn't require data storage or access to personal information; it just needs to have the same security and access controls that an analyst would.

"Those who embrace it will grow their business," he explains. "The more you can invest in training your agents, in building and deploying them, the better they’re going to get. I think if you don’t, you’re going to find yourself a dinosaur real fast."

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.