Defend Your Time: Applying Agentic AI to SecOps (Part 1 of 3)
“Defend Your Time” is the podcast dedicated to helping security leaders get more out of their Microsoft security investments. Listen and subscribe through Spotify or Apple Podcasts.
Theus Hossman, Chief Technology Officer at Ontinue, joins us for the first episode of a three-part series on Applying Agentic AI to SecOps. Episodes two and three will cover demystifying agentic AI and agentic AI from the CISO’s perspective, respectively.
The Perfect Storm in Cybersecurity
The discussion begins with the growing challenges in cybersecurity. With an exploding number of attack surfaces and increasing complexity, it is no longer sufficient to focus solely on hardware or networks. We must consider user behavior, data, cloud workloads, and even the security of AI itself. Compounding these challenges is a severe talent shortage in cybersecurity. Given the difficulty of finding and retaining experienced professionals, security and IT leaders simply cannot hire their way out of the problem.
The Role of AI in Addressing Cybersecurity Challenges
AI and automation are crucial in addressing these challenges. There are three fundamental pillars of AI and automation:
- Deterministic Automation: Traditional coded automation that handles frequent, predictable tasks well but struggles with the long tail of rare events.
- AI-Assisted Work: Tools that enhance human efficiency, such as AI assistants that help with incident summarization and with finding similar past incidents.
- Agentic AI: The most advanced approach, in which AI models are given more autonomy to plan, reason, and adapt to complex, unforeseen situations.
What is Agentic AI?
Agentic AI represents a significant leap forward. Unlike traditional AI assistants, agentic AI can autonomously plan, reason, and adapt to dynamic situations. This capability is enabled by technological advances in AI models and the development of new patterns and techniques for AI applications.
Applying Agentic AI to Security Operations
At Ontinue, agentic AI is being used to automate the investigation of security incidents. An AI agent performs the initial investigation, gathering context, running checks, and creating a detailed report for human analysts. This approach not only increases efficiency but also ensures consistency and quality in investigations.
Despite the advanced capabilities of agentic AI, human oversight remains crucial. Security analysts review the AI-generated reports, validate the findings, and provide feedback to improve the AI models. This collaborative approach ensures that critical decisions are made by humans while leveraging the efficiency of AI.
For security operations centers (SOCs), agentic AI significantly reduces the time and effort required for incident investigations. It allows analysts to focus on more complex tasks and improves the overall quality and consistency of investigations. For customers, this means faster response times and reduced risk.
Building an AI-Native Platform
Implementing agentic AI in security operations requires a robust data platform, a variety of tools and skills for the AI to access, and seamless integration into analysts’ workflows. Ontinue has built an AI-native platform that supports these requirements, enabling the effective deployment of agentic AI.
Agentic AI is transforming security operations by automating tedious tasks, enhancing efficiency, and ensuring consistent, high-quality investigations. While AI takes on more responsibilities, human oversight remains essential to validate and improve the AI’s performance. As we continue to explore the potential of agentic AI, the future of cybersecurity looks more and more promising.