Palo Alto Networks Launches New “Autonomous SOC” Technology

Palo Alto Networks has deployed its early-stage “autonomous SOC” technology to approximately 10 design partners as part of an attempt to make security operations centers more efficient and less dependent on humans.

Nir Zuk, founder and CTO of Palo Alto Networks, introduced the concept of so-called autonomous SOCs during a keynote Tuesday at the RSA conference in San Francisco.

During his keynote, Zuk discussed Palo Alto Networks’ development of new-style SOCs that rely more on AI and machine learning tools and less on human data surveillance designed to detect and prevent cyberattacks.

“This technology is happening right now,” he told RSA audience members at Moscone Center North in San Francisco. “We build it. We run it.”

In an interview with CRN, Zuk went into more detail about exactly what his company has been building and deploying — and it involves about 10 companies that have installed Palo Alto Networks’ new standalone technology within their own SOCs.

“It’s being deployed with a number of very large Palo Alto Networks design partners,” said Zuk, who did not reveal the names of the partners. “And they’re helping us make this system generally available.”

Autonomous SOC technology already deployed

When asked if the technology was indeed in beta testing, Zuk said the company’s automation product was more developed.

“It’s beyond beta testing,” he told CRN. “It’s just that we prefer to perfect it with 10 design partners who use [it].”

Rick Caccia, senior vice president of marketing at Palo Alto Networks, confirmed that the company has now deployed standalone SOC technology in about 10 medium and large enterprises.

While more data needs to be collected on the effectiveness of the technology, Caccia said companies currently using it seem happy with the results they’ve seen.

In fact, one company was happy to have eliminated its security information and event management tools, Caccia said.

In addition to sharing the technology with design partners, Palo Alto Networks is using the new technology in its own security operations center, Caccia said. Among other improvements, Caccia said the system has significantly reduced the number of duplicate alerts about possible breaches.

In recent years, a number of organizations have pushed for greater automation of SOCs, claiming that there is simply too much data being generated for human analysts to monitor and act on appropriately.

If the new autonomous SOC technologies work as expected, they could lead to a significant decrease in the number of human SOC analysts, which concerns at least one player in the chain.

A “double-edged sword” for the cybersecurity industry

Rick Smith, owner of Renactus Technology, a Union, NJ-based MSP, said the development of standalone SOCs is a “double-edged sword” for the industry.

On the one hand, it has the potential to improve the effectiveness of SOCs in detecting legitimate cyber threats. But part of the original idea of SOCs was actually to involve humans in detecting and responding to hacks, he said.

“That’s one of our concerns,” Smith said of new SOC technologies. “It’s not a big concern right now. It is too early to tell how this will unfold.”

Smith, who co-hosts a podcast called “MSP Unplugged,” said Renactus Technology does not own a SOC, but does contract with others for SOC services.

Zuk emphasized that there will always be a human component in SOCs. “You’ll need human beings because there are things that machines just can’t do,” he said.

But he said the operational focus of SOCs needed to shift from human beings to automation driven by AI and machine learning tools.

“[Humans] can’t do all the work that is necessary – to look at all the data all the time and figure out if something is going on,” he said.

He said he expects increased investment in automated SOC solutions.

“I think, relatively quickly, we’re going to see budgets that go towards adding more and more automation to the SOC,” he said.

Among those seeking advanced SOC technology is Cambridge, Massachusetts-based Devo Technology, which recently raised an additional $100 million from investors to further develop its own standalone SOC product, as well as expand its business globally.

About Dianne Stinson
