Ep137: AI Without Borders - Extending analyst capabilities across the modern SOC
Update: 2025-08-27
Description
Gagan Singh of Elastic discusses how agentic AI systems reduce analyst burnout by automatically triaging security alerts, resulting in measurable ROI for organizations.
Topics Include:
- AI breaks security silos between teams, data, and tools in SOCs
- Once attackers gain system access, SOC teams have only 40 minutes to detect and contain them
- Alert overload causes analyst burnout; thousands of low-value alerts overwhelm teams daily
- AI is inevitable for SOCs that must process growing data volumes and separate false positives from real threats
- Agentic systems understand the environment, reason through problems, and take action without hand-holding
- Attack discovery capability reduces hundreds of alerts to 3-4 prioritized threat discoveries
- AI provides ROI metrics: processed alerts, filtered noise, hours saved for organizations
- RAG (Retrieval-Augmented Generation) reduces hallucination by grounding LLM responses in enterprise context
- AWS integration uses SageMaker, Bedrock, Anthropic models with Elasticsearch vector database capabilities
- End-to-end LLM observability tracks costs, tokens, invocations, errors, and performance bottlenecks
- Junior analysts detect nation-state attacks; teams shift from reactive to proactive security
- Future requires balancing costs, data richness, sovereignty, model choice, human-machine collaboration
Participants:
- Gagan Singh – Vice President Product Marketing, Elastic
Additional Links:
- Elastic – LinkedIn – Website – AWS Marketplace
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/