The Future of Autonomous SOC: Reality by 2030 or Science Fiction?

An autonomous SOC by 2030? That is the question we discuss in this podcast.

Imagine only AI agents operating on cleanly gathered and processed IT and security stack telemetry from network traffic, endpoints, business productivity applications, users, etc., figuring out their own analysis techniques, deciding on an appropriate countermeasure, invoking the action, and notifying humans and SOAR systems/processes. Sounds magical, right? Maybe it’s pie-in-the-sky. Maybe it’s closer than you think.

Unless you are way out of touch, you’ve probably already experimented with ChatGPT, Gemini, Claude or some other popular Large Language Model (LLM). Depending on what you asked, how well you framed your ask, and what additional guidance material you provided, the response you got back will have ranged from comically ignorant to astoundingly insightful. And that experience will very likely shape your belief system about the viability of a truly autonomous SOC by 2030 - a mere five years from now.

So the first thing to consider is, have you put in your 100 hours with an LLM? If not, your belief system is perhaps more informed by what you hear others say on LinkedIn, YouTube or (God forbid) Instagram. But if you’ve done your own homework, you know a lot more about the extreme possibilities within our near-term grasp.

Look, I’m not here to convince readers one way or the other. But as I mention in the podcast, having presented this topic to about 2000+ ITSec professionals in 2024, I saw them move from about a 5% “I believe it is plausible” to a 50% “I believe it is plausible” in less than 30 minutes.

If you’re a science fiction fan, you’d have to admit the recent advancements in LLMs align with Robert Heinlein’s interest in linguistics and communication, which feature prominently in works like Stranger in a Strange Land. He’d very likely applaud AI’s ability to parse and generate human language, recognizing it as a profound step toward bridging the gap between human and machine understanding.

Regardless, I’d invite you to take 22 minutes (an average dog walk?) and give our little podcast a listen.

Hey, truth be told, I think an autonomous SOC - even if we could do it within five years - would be a mistake in and of itself. But not trying to automate everything possible in a SOC - as a giant force multiplier - is exactly what the bad guys are hoping we’ll choose - as they steadily build more and more AI-enabled attack techniques.

Take a listen. Let us know what you think. Hit us up over on LinkedIn. It’s a worthy topic to kick around.

The Autonomous SOC: Science Fiction or 2030 Reality?
2025-01-06  23 min
Beyond The Signal