Operationalizing AI For Network/SOC Analysts

OVERVIEW

The presentation focuses on using Human Design Engineering (HDE) principles for the development of AI tools that are more adaptable to the varying levels of expertise within a SOC or analyst team.

The presentation covers using logic-rails, behaviors, and trigger-actions to craft the AI assistant into a functional interface that integrates disparate systems and enables analysts to access and cross-reference data. This integration is crucial for rapid threat identification and response, as it allows analysts to draw connections between indicators of compromise and potential threats without manually navigating through multiple platforms.

We will also highlight how AI assistants can be configured to align with the workflows and preferences of human analysts, ensuring that the technology adapts to the user rather than the other way around. This user-centric design is essential for maintaining the human analyst’s role as the decision-maker, leveraging the AI’s processing power to enhance their situational awareness and investigative capabilities. The concept of “human in the loop” is a critical component of this approach. It emphasizes the importance of human oversight in automated processes to ensure that decisions are made with a level of discernment that AI currently cannot replicate.

By reducing the time spent on manual data aggregation and preliminary analysis, AI assistants empower analysts to dedicate more effort to tasks that require their expertise. AI assistants not only help improve the efficiency of a task workflow but also ensure that human judgment remains at the forefront of the decision-making process for small, medium, or global-sized security teams.

Presented By

CHRIS ROFFE

Director, SentryWire Engineering and Product Development