Building Trust Into Agentic SOC Tools with Oren Saban

Agentic SOC platforms are no longer a future pitch — they're shipping, and teams are using them to triage and investigate cases end to end. But speed and automation only matter if you can trust the output. John sits down with Oren Saban to unpack what it actually takes to build a trustworthy agentic SOC tool.
They cover why these platforms are built as swarms of specialized agents rather than one generalist model, the role organizational context and data quality play in getting good results, how teams measure confidence and catch AI mistakes before they become missed detections, which analyst skills are becoming obsolete and which matter more than ever, and the emerging risk of prompt injection attacks against AI-powered SOC tools.
If you're evaluating these platforms — or trying to figure out what trust actually means when AI is doing most of the investigating — this conversation lays out the real tradeoffs.
Oren on LinkedIn: https://www.linkedin.com/in/oren-saban/
Contact, Courses, and More:
For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live!
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leading Security Operations Centers
Follow and Connect with John: LinkedIn
Walking the RSA floor this year, something felt different. Not just more AI booths. There's always been plenty of those the last couple years, but for the first time, the tools I was seeing didn't feel like a first crack. They were actually shipping full-fledged functioning products. Agentic SOC platforms that can triage, investigate, threat hunt, close cases, respond, real production-ready stuff with real customers. And that's exciting, but it also raises a question I keep coming back to. If a platform is handling 80 or 90% of your investigations, what does a good analyst actually now need to know? The job description has changed, and I'm not sure everyone has caught up to that yet, or even is sure what that means. Well, today on the podcast, we have one guest that does have answers, and that is Oren Saban, someone who has been thinking hard about exactly these kinds of questions as well. First at Microsoft while working on Security Copilot, and now on building one of these platforms of his own. We talked about how these tools actually work under the hood, what context they need to be useful for your team, and what skills are going to matter more and less as the technology continues to mature. So with that, let's get into it.

SPEAKER_00: Oren, thank you so much for joining me on the Blueprint Podcast. Uh wanted to kick off this episode with a little bit of a backstory. Uh we met at RSA, which was filled with a bunch of really exciting uh security operations-related tools that had been released and capabilities that are now starting to form. And we had had a conversation around the implications of what that meant for security analysts, security leadership, and what it's going to uh do to the job and the tasks and the capabilities. Um, so I would love if we could start the conversation with an intro to uh you and uh your background, the problems you're solving, and how you're working in this area.
SPEAKER_01: Oren, Oren Saban, chief product officer here at Mate, Mate Security. We're working on the world of uh AI for security and specifically for SOC. Before that, in my prior roles, I've been working on security for AI startups. So that was uh one uh role, but beyond uh before that, I was working on Microsoft XDR and working very closely with the teams, the security teams, uh, running red uh red team, blue team trainings for a lot of SOC teams around the world, sitting with them in the room and seeing how to make their life better. Later on, I worked on Security Copilot and its ability to help again with efficiency, efficacy, alert fatigue, and uh help analysts do their job better and excel. Yeah, I'm very, very keen and excited about this world of uh how we can bring AI into security and uh in in what ways uh the security world will change.
SPEAKER_00: Yeah, so let's start there. For listeners that may have not been tracking some of the newest capabilities closely, uh I know when I walked around RSA, like it seemed like, and maybe just because I'm focused on this, but half of the show floor seemed like it was agentic security operations capabilities and tools and something that was related to that, which is super exciting. For those that may have not seen that kind of stuff and watched some of these brand new companies and capabilities, how would you describe the new wave of tools that is coming out and what they're capable of doing compared to what we've maybe had just in the previous year or two?
SPEAKER_01: So a great question. I think um there is also a big mess today because all of the tools are doing a lot of stuff, but eventually it comes down to some portions of first of all triage and investigation cases, uh investigating cases, and that I would say is the bread and butter of anything that happens here. And from that, there are uh many different types of use cases from the ACM threat hunt these tools. So they automatically threat hunt, build a hypothesis, run on top of that, hunt on top of your data, write detections, and uh improve your detections, and so help you with the unknown unknowns, right? And find more things that you couldn't do before or do it faster, increase your speed. There are some newer agentic case management capabilities, agentic reports, ability to summarize cases faster, all the documentation work that uh everybody hates, and many of that now can be uh managed with AI. And um and of course, uh some others, but I would say that that's the core of um the new capabilities.
SPEAKER_00: So we've had automation capabilities in the past, right? SOAR platforms were big. Um we had initial takes on using AI with a little bit of capability built in and such in the tools, but what has um the agentic kind of revolution in this space unlocked compared to what SOAR has been able to do or uh what the more basic versions of even LLMs and AI were able to do just a short time ago?
SPEAKER_01: So I think if we look at a regular SOC, not all the queue is uh true positives, right? It's combined of a little bit of true positive, maybe up to 10%, and then a lot of cases which are benign positives. So the detection was supposedly fine. It's just in this case, for us, this is okay. Now, to handle these types with automation becomes very hard because especially in enterprise, you have a lot of exceptions and tribal knowledge and things that are okay only in this case, and the detection tooling is not always tuned to whatever environment or doesn't even support such a layer of tuning. And then to build automation that can handle this sense, this human sense of something here looks fine, just uh because I I see that this user has done this before, and I know him and I spoke with him about it, and yeah, he's doing that, and we said we'll create an exception, but we didn't do it yet. So there are so many hard problems to solve with automation that AI makes way uh easier to do. And then supposedly, if your SOAR is configured very well, you have tens of people configuring that daily, and you can achieve a state of a very high level of automation, but for most of the teams, um, they never reach that state because it's so hard to build, configure, and uh change automation. And even on top of that, there are some layers which are very hard if you don't have the data organized in the right way and it's unstructured. And so to build SOAR that will utilize my Confluence is something that is really hard, right? To nearly impossible. And now AI opened us another door of utilizing a lot of unstructured knowledge that we've had in many different places and leveraging that to automate.
SPEAKER_00: If someone is picking up one of these tools and has all of this unstructured data, how do these platforms approach making sense of all that data? Is there a certain type of format that it works better with? You know, if it let me rephrase, if I'm a team buying one of these, do I need to convert all my documents? Do I need to consider how I'm gonna be feeding that data into the system to get a good versus a bad result?
SPEAKER_01: So I I would say the first question that comes is even not just do I need to do that, it's wait, wait, wait, wait. My Confluence has documents from five years ago that no one ever touched in the last five years. And what are you gonna do with uh how are you gonna handle the garbage in, right? Because we don't always maintain our documentation, our docs. That's a common problem that uh still, when I was at Microsoft, even with the internal Microsoft uh Copilot, that was a problem. You can search for something, and that something is just skewed, it's not true anymore. And the capability of the different tools is to take this data in, structure it in a way that you can trust it, and then leverage it. Because you don't want just to blindly leverage anything that you have in your Confluence or in your Slack or in your Teams channels, like Teams groups, etc. You want to be mindful about what you leverage and and how you do it.
SPEAKER_00: Does that just back up the problem to a data management problem, or is there an easy way to do that?
SPEAKER_01: So the way that I see it, and some solutions offer that, some don't. Yeah, they all also offer the capability to sync the data, to manage the data in a way that you can trust and you have different confidence levels of this data. Um and definitely it again, as always, it all comes down to the data, right? Um so context is a very common uh name now. Um we have our security context graph. It's uh exactly this capability to connect between different data sources and data types, but eventually, if the data is problematic, you can have as much context as you'd like. You're gonna be you might be wrong.
SPEAKER_00: If I was trying to predict my likelihood of success bringing one of these kinds of platforms in, um, is there any way to measure how much data, context and other kind of surrounding information one of these tools is gonna need in order to produce a good result?
SPEAKER_01: So the nice thing is that um, and again it depends, different tooling have different mechanisms to do so, but the nice thing is you don't necessarily need to have um a lot of this predefined, because some of it may again just uh my take uh my two cents, we derive that from the work that analysts are doing. We derive um insights on policies, Mate derives uh its ability to understand how we do this in this exact situation in this customer. And then basically a lot of the ISO bring a lot of the expertise out of the box. So you don't need to teach um not Mate and all its competitors how to do a phishing investigation, it will come with this knowledge. And then the interesting part, and that's where I think um if I'm putting myself in the customer's shoes, you need to lean on is how do those merge. So great, there is a very smart agent that knows how to do very complex cloud investigations, and then there is my own knowledge of how do I do it in my organization. And these two need to merge and to build an intent-based type of uh automation where the platform takes my knowledge in because it's important. And and the same thing, like you can't bring in a principal security threat hunter, put them in your SOC tomorrow, and let him or her run on top of an investigation. They won't do it right. They don't know the policies, they don't know our exceptions, they don't know our compliance and regulations, um, and they don't even know our architecture, maybe. So just the same thing. You can't just take a very smart AI agent and let it investigate. It needs to know you and it needs to have the capability to learn enough out of what you already have.
SPEAKER_00: That's one thing um that I I heard from literally everyone I've talked to in this space is context is key, right? If it doesn't have context, you're not gonna get good results. If you have great context, you're probably gonna get pretty amazing results. And depending on exactly how the work is broken up, right, um, there's a little bit of a dependency on that as well. So you had mentioned having a smart agent. Uh architecturally, it seems like I've noticed that the move is to break up what needs to happen in any given investigation into a bunch of separate agents that have specialties focusing on a certain piece of that investigation, whether it's tearing apart an email, whether it's considering all the options for hypothesis generation and evaluation, stuff like that. Um, why is that the approach that's taken as opposed to one agent that's maybe a little broader and gets the whole picture of what's going on?
SPEAKER_01: It goes down to two, I would say three things, three different factors, even. The first one is uh a least agency approach. It gives the benefit benefits both from how easy it is for the model to do the task. So let's take an example. If I've given a model a task that a GPT 3.5 can run successfully, Opus 4.7 um will accelerate. Right? And this is something that we want because we are taking a non-deterministic uh intelligence like models and putting it in the cases where we expect determinism, we have double standards for what we want out of uh these tools. We want it to behave in many cases like it's an automation when it's not. And then the least agency and scoping the agents to do a very specific task without the need to hold up a lot of different contexts in its way, because we know that even when there is a very large context window, or I guess I'll talk about it, it still creates a mess for um or reduces the quality of what the agents will provide. So that's one thing, to scope it for a better quality. Second thing will be to scope it for a better security. You don't necessarily want to bring knowledge from, let's take an example around DLP, right? Maybe I want some agent to inspect the file that supposedly has data leakage. But DLP is a very noisy, um noisy type of alert. It creates a lot of false positives, so definitely I want that. On the other hand, I have a problem of permissions. I don't want to open all files in the organization to all agents to utilize that. And then I need to bridge between what's handling sensitive data, and exactly like we do with people, right? We don't give all permissions to everyone, we scope it to a specific time, even. Maybe it's a just-in-time approach that I can give the agents to go to sensitive data.
And and eventually the last part, yeah, we we do a lot of scaffolding that maybe over time might disappear as the models get smarter and maybe will come with it their own uh layer of uh context management, but I think we're not there yet.
SPEAKER_00: With breaking it up like that and having to fight with you know scope and security and scaffolding and all of those things, um, what do you find is the most difficult part about producing a product that that gets this right most of the time?
SPEAKER_01: All LLMs are not very good at saying I don't know. Um and this is something that um was hard to, I'm calling it to teach. Uh you're not really teaching anything, but um to tune the agents, our agents, to the level of when they're not confident. And uh there are a lot of mechanisms that we've built in order to get their calibration of the confidence. Uh it's not if you ask an LLM to give itself a confidence, it will do some calculation and reasoning, but it's not necessarily right. And it's not something that uh those uh tools are good at, at least not at the moment. And then you need another layer that will know how to leverage and give the context to be able to even derive what what confidence is. Now, this uh yeah, I would say this is the hardest part, to be able to get it to the point where it would be able to say, I don't know, when it doesn't have the data, to be able to not be as sure in its answer and uh surface when there are problems. And so I like we ask our employees to raise a flag when there is a problem. By default, LLMs are not as good at that. And uh that's something that uh we worked a lot to achieve.
SPEAKER_00: That's probably a good segue into what I think is part of the most interesting things that we discussed at RSA, which is the more kind of philosophical implications of having tools, and the job and career implications of having these kinds of tools for people who want to work in a SOC and want to continue to work in a SOC. Uh when you have a tool that is now largely doing a lot of the work for you and then saying, here you go, here's the answer. Um, as you just said, right, LLMs don't often like to say, like, oh, I'm not really sure about this. So, what kind of new skills, what kind of new mindset does an analyst with one of these tools have to bring to the job to make sure that they're not enabling mistakes?
SPEAKER_01: Yeah, uh really good question and a discussion we have with uh a lot of partners now. I would say not just analysts, but anyone in this world now that is working with AI. Of course, critical thinking should be the first um the first one that I bring to my job. Um how are you so sure? How do I build the mechanisms where I'm able to poke and check? So that's for a singular case, right? Am I able to look into a singular case and say, and I need to say quite rapidly, does it look okay, or maybe there is something off here? And this critical thinking, knowing to ask the right question, and for the product, the ability to surface that in a way that it's easy for me to consume. But that's on a singular case. And now when we look on a swarm of agents working on top of all of my cases, my ability to move from a singular case validation into agent governance. Right? And here I see very much like we call it instant promotion, right? Very much like I have a lot of employees, I need to look into those, I need to do QA of the work. Sometimes I micromanage, and sometimes I know to back off where I see it's working well, and then it's really behaving in the same way. And again, I think that's the role of the product to simplify it for you to be able to do it in a very easy way, to validate that it's working fine, to know on the cases that are controversial, and you need to look into for those agents to be able to raise a flag for you and say, hey, I have a problem here. Um so this is the role that we're seeing that is changing in its ability itself. And then, of course, when you need to, who can and utilizing that, then the other thing is to be able for you yourself to know how to leverage AI to its maximum. And we really see that in software engineering. We really see the difference between engineers that know and build their system and kind of sharpen the saw.
Um, like Stephen Covey says, I really like this uh quote of yeah, you need to sharpen your saw with AI, it's not always coming out of the box and just works. Um I do think prompt engineering is something that is not going to last, but there's gonna be always the new thing of these power users who know how to utilize AI to its maximum, and these are the ones, the people that I want in my SOC.
SPEAKER_00: There's definitely a whole realm of skills, right, related to this. And not only are they new skills, but those skills themselves are continuously changing at lightning speed, right? What was useful this week might be completely superseded by something that that's invented next week. Uh, to the best of your kind of um ability to predict this kind of thing, if we look maybe a year to three years into the future, right? Uh I write a course for SOC analysts, right, to teach them what they need to know and what they don't need to know. Um, in your opinion, what skills are going to become more valuable and what skills might become less valuable in the next one to three years?
SPEAKER_01: So I do think you will still need to be able to look deeper into what the AI has done and deeply understand it. I can't remember who said that to be a good engineer, you need to understand two layers below of what you're doing. So if I'm writing C, I need to understand assembly and how it works below that. And if I'm working, we all leveled up now, right? To work at the management layer. So I can see results. I do need to understand still how these are working and how those are utilizing my tools. Um, if not, I don't think you'll be able to spot problems. And um I think it will just leave you useless in case of an actual incident. So we don't want to be there. That that's one. As in, I don't really think we can uh ditch all the technical part of being a security analyst and understanding our platforms. And attackers are not giving us easy lives. Um and yeah, when we think about it, it's great AI is coming to help the security teams. It's also coming to help the uh attacker side and yeah, with uh capabilities such as uh Mythos or Mythos are like uh not even putting into if this one or another, but we all understand there are going to be very strong models on the other side. We are doomed if we are not doing our work faster, better, and uh with higher quality. So one thing is to be able to be technical, um, the other uh really understand how things work, the other is to leverage AI to its maximum. I know it's changing, but I think the learning muscle is the one that I would uh expect for each of our employees, from myself, first of all. And um, yeah, I think to be able to learn and adapt quickly to new technologies, to new AI systems is uh second. And the third one is the critical thinking, the ability to lay down different hypotheses, challenge with uh like um challenge what you're seeing and ask the rest question, the right question in order to see if there is actually something in here or not.
SPEAKER_00: Is there any skill that you think is going to be the one that is like no longer needed um and just kind of goes away now? Because not only is it automated, but we just don't even need to know the technicals behind it. Or do you still think we pretty much need to know like the basis of how to do things the hard way?
SPEAKER_01: So a few years back, right, we we've had, and maybe in some organizations still, we've had a team doing endpoint, another team doing phishing, another team doing cloud. It it's now converging because it gives me as an analyst the ability to handle more cases. I can work with the chatter better and understand them. So it did expand my coverage. I still think that you need to be very technical with your capability in the domain that you need to handle eventually. Yeah, there are some skills that I think are not going to last. One of them is to be a master at query languages. I guess models are gonna keep up on that and at some point we don't need to know much more than English in order to get the data. We need to understand the data but maybe not to get it. Like to query that in all different languages. Need to think more on that.
SPEAKER_00: That's a tough one, right? It's it's one of those things where you know I've been thinking about this now for I guess probably years. It's like every time I think ah, AI is going to make that thing easier to do, it still comes back to but how do I verify the AI data? Well, I still have to know how to do it. Right. So the query language was I think is probably one of the best answers to to that is like yes, knowing how to write a query the hard way might not be as necessary in the future because there you can, if you have the right language and the right prompt, right, do a correct conversion from whatever search you want to run. And LLMs are great at translation, right? No matter what the language is to and from. So that that's probably a a really good one and it bridges the gap from both sides.
SPEAKER_01: So both from the product that creates the query language and from the different uh LLMs and tooling, so eventually I think this gap is just not going to last. There is a change that we see, a change of how the SOC is going to be built, right, and the smart teams they help their people to grow into an L2, L3, but yeah, I think the tierless SOC is not the dream. It's coming into a function, we see it with a lot of teams, there's a set of people, smart people that can handle a lot of different cases and you don't need a lot of tiers in the way, you just want people that can close the loop end to end. And now they have the power to do that because a lot of the grunt work could be offloaded completely.
SPEAKER_00: Do you think that there's going to be an issue teaching people the fundamentals, and if so, how do we approach getting people to learn how to do it the hard way when they grow up and they go to school and maybe any formal education they have all assumes access to AI and AI-powered tools? Is that going to be a new challenge that we have to approach?
SPEAKER_01: Definitely, not not just in security but in any education, and that that's why I was saying critical thinking is a tool that will be needed anywhere. And then exams are going to change, right, so if I would have to write an exam for an analyst today I would give it to them with the summary that the agent has done the investigation and give them 10 investigations and tell them which one is the one which it got it got it wrong. Good luck. Right, and this is hard because you get 10 items in which in all of them the agent is 100% sure this is a false positive. Now find me the one that it missed. And then you'll figure out through working with the chat, through working with it, like asking the right question again, guiding it to the right data, etc., that you need to be able to apply this critical thinking and to understand what's coming in underneath in order to pass such an exam. And I think that's going to change all across education, not just in security but anywhere.
SPEAKER_00: Yeah, the skills are similar, right, it's either doing the work from scratch or it's verifying the work was done correctly. You still need to know how it was done but you're starting with the end uh and a claim that it's correct versus here's the evidence, you come up with the conclusion, right? In a world where nine out of 10 or 99 out of a hundred or even more of these investigations are correct, are there any hints that analysts should be looking for that like ah, this is the needle in the haystack that might be the one that I need to dive a little deeper on? Because what I worry about is like people get so used to it being right that they just completely pass over it like ah, it's right again. And then they completely miss the attack.
SPEAKER_01: We transform alert fatigue, right? We so we got so used to it getting it wrong, to agent results fatigue or whatever you name it, that we got we will get so used to it getting it right. Now this is where I think there is a change and a shift in the work of uh what I call governance and mechanisms. We catch that, we have mechanisms in our company to catch that, and then yeah, there's no 100%, and but I think we all should be fully honest and aware, and there is one CISO that then he told me like if you get it 80% right I think I I think you're better than myself. And now I don't I don't think it's the case for most of the SOC teams we work with, or maybe we just chose the best ones, but they're they're really good at what they do. But um yeah, we also make mistakes and um I think like any part in security we build multi-layered security. We don't create one critical point of failure. And it's gonna be the same thing. If there is not enough confidence, let's bring in a judge, let's add in a QA layer both from us and from an agentic that is more expensive, for example, and we can't utilize that at scale. There's lots of mechanisms of how to do governance right and I think same thing like was done in manufacturing, that you want to do a governance that nothing, no Tesla is being created completely broken. And we're going to have exactly the same thing for any AI output.
SPEAKER_00: Yeah. Yeah, it'll be interesting to see how that um problem is solved across different kinds of industries and team sizes and and all of that, right, it's uh still kind of an open problem in in some ways and I think there's going to be obviously plenty of mistakes made along the way and some some best practice that emerges here in the near future, but uh it's interesting and and fun to be kind of on the uh the cutting edge of this. Um one thing that also comes up a lot in class is you know there's a couple paths, like once you have this capability clearly we're we're increasing the bandwidth of things that your SOC can do, right, when you when you have most of the investigations mostly done for you. Um you could either take that capability and have a smaller team and say where we needed 10, now we need three, or you could take that capability and say well, look at how much we can still do now with 10 people. But um ultimately the question I'm trying to get to here is do you think more teams, and maybe from your experience do you see more teams, reducing headcount after they have these things or are they doing more uh now that they have this with the same headcount?
SPEAKER_01: So at least from what we see today, I mean I don't see them completely reducing headcount yet because there is understaffing for a lot of things that we wanted to achieve in security, and then eventually in many cases it goes back to the leadership approach on, I would say, the company and AI in general. If there is, and I haven't seen staff reduction only in the security team. If there is a complete layoff sometimes around the globe, do they take from the security team? Yes, but I don't I didn't see it necessarily going directly because okay, we have AI for SOC now, we can reduce the team. No, I see they're doing amazing things, increasing the bandwidth of what they can handle and making the organization more secure. So if I don't need to waste my time anymore on 80% false positives, now I can actually put that into hunting threats, into building mechanisms of prevention that are stronger than before, into improving my threat modeling and how do I handle these cases of supply chain attacks that are coming any Monday or Thursday nowadays. So yeah, I see a shift of focusing on a high value type of work which either agents don't yet do or wouldn't do at all in in the near future, and I I see the flexibility teams are creating in that exactly in these changing roles.
SPEAKER_00: That was one thing I was going to ask directly is like what are people doing with the extra time? So higher value work you said, um is that continued further automation? Is that better detection engineering, more threat hunting, uh any any one area of focus that you see people shift to once they free themselves up from the grind of you know alert fatigue and other things they may have had in the past?
SPEAKER_01: Yeah, so first of all we were limited by some set of guardrails, right, what we had, a calculation of SOC capacity. This calculation has completely changed. Maybe I wanted to discover 20 more use cases that put us under risk but I couldn't even say that because my SOC is at 100%, 120% capacity. So no, you can't add another detection even though it seems to be an interesting and can be a valuable one. So I can I see teams increasing the coverage of what they investigate dramatically, 500%, 1000% of what they used to investigate. This is definitely one thing that we see out there. Another thing around threat hunting and the ability to put more time into doing actual threat threat hunting, for many teams was a dream. If you're not well funded it's really hard to come up with um taking a day, building hypotheses, running them on top of your data, again you used to need to know how to query this data in all different sources and now maybe that's some of it is solved. So threat hunting, and I would say the last part is branding more simulations. I see that also on the rise and then great, now we have another mechanism that closes the loop, let's test that in all the variations where I can and then spot more holes before those become actual breaches.
SPEAKER_00: That matches a lot with what I've heard. There are a lot of teams out there that are understaffed and, given a higher bandwidth to take the junk out, more threat hunting is something they'd love to do, more coverage, more of everything really. That's the more exciting stuff. So it's good to hear that that's what a lot of people are able to unlock with this. Being able to do more of that is generally assumed to be a good thing. However, how do we know that when we add these tools we're actually increasing our security effectiveness, at the business outcome level? How are we looking at these with different metrics, or how are you measuring the efficiency and effectiveness of a SOC that has these kinds of tools?
SPEAKER_01: So this is a really good question, because we're debating a lot how to measure ourselves, with our customers of course, but how to measure the actual impact. Because, okay, let's say you've added another thousand alerts in a month and all of them were cleaned out. Is it better or not? And then I think there are some metrics that we've concluded are good. So one of them is early detection: are you able to catch threats at the left side of the MITRE ATT&CK matrix versus the right side of the MITRE ATT&CK matrix? And how many of those Sev1, Sev0 do you have in a month, for example? Now, it's very hard to measure because there are external factors that will impact that, right? If there's an npm breach every week, then you're going to have a Sev1, at least until you know that you're not impacted. And so it's still hard to measure, but yeah, we're trying to measure how much actual impact we are seeing on the environment, and how much of that did we manage to detect early. And I would say we are not fully there yet, but we would want to measure prevention. In a perfect world, which will never happen, we don't want to get to detection, right? We want to make it hard enough for the attacker to ditch us and go to some other organization. This is our goal. So we would want to see: are we actually preventing cases that might have been putting us at risk? And so yeah, shift left, and shift left squared, that's how I call it: shift left from investigation and response to detection, and then to prevention.
SPEAKER_00: And even that prevention, depending on the definition you're working with, could mean one thing or another, team by team and org by org. In my mind, prevention is often about: did the attacker achieve the ultimate goal they set out to achieve? The red team's attackers don't win if they break in, phish someone and then they're cut off, right? Yes, they got a password, but they didn't do anything with that password. Now there's some collateral damage there, you've got to do some investigation and cleanup, but ultimately they didn't get anything. So was that a prevention or was that a detection? Well, a little bit of that is in the definition, but what we do know, from the business perspective, is that nothing secret got out. There was no expensive data breach. There was no forensics, and we didn't have to call the SEC and report that things got out, and there's no massive expensive problem that comes out of that. So yeah, I think that's probably one thing where, if you can look at where a SOC team starts and then where they are after gaining these capabilities, and look at the delta there between before and after, that's where people can start to say, "ah yeah, here is the actual difference that these tools are making." So that can be one approach.
SPEAKER_01: Exactly. Did I manage to contain it earlier? If I catch it at a time where the click just happened, maybe I'm not impacted yet. And that's why the shift left: from the right side of the MITRE matrix, from the impact side, left to early detection and prevention. And eventually, in many cases, it comes down to a numbers game, right? If you have a large top of the funnel, a lot of things are coming in, you didn't prevent anything, you're very open, an S3 bucket is open, maybe you'll detect some things and be able to prevent them, but the next one maybe you missed. So we want to make sure the numbers game is being cut off at the beginning, before we go down the path of needing to take containment action.

SPEAKER_00: Definitely. A different kind of question. These tools are ingesting a lot of malicious content, right? It could be malicious command lines, malicious emails. In a world where attackers know the AI is going to be reading whatever they're using, how do you prevent your platform from becoming its own threat vector, with prompt injection attacks and those sorts of things?

SPEAKER_01: 100%. As I said, in my previous work I've been working on security for AI, and there we already saw attacks trying to direct Microsoft Security Copilot, for example: commands that are specifically directed at it in command lines, emails with invisible characters that are directed at the phishing investigator. So first of all, it's here. It's not something futuristic. It's maybe not as common, maybe not in every attack, but it's definitely going to get there.

Now, this all goes back to the security for AI practices. How do you separate the control plane and the data plane? How do you do external validation? Do you have some layers of detection on things that look wrong to begin with, before it even reaches the AI? And yeah, we support all of that. Defense evasion, in a sense, is definitely going to be around as well. If AI is in defense, how do I evade that? I think we've had the exact same problem with EDRs, right? And now everybody looks like a developer when they're leveraging Claude Code, and for the EDR it's really hard to tell the difference one way or another. And it's not an LLM, it's just an EDR and other types of machine learning that people try to evade.

SPEAKER_00: With that, have you seen an AI-enabled tool in a SOC attacked in a way that's been effective? Or do you have any specific examples of what you've seen where, if a SOC is worried about this, how can they detect it, and those kinds of things?

SPEAKER_01: Yeah, so first of all, I would urge anyone to simulate it. First of all, it's good. I think part of the knowledge and the skills that we said are needed to be learned, critical thinking, is also to be able to know what the risks of AI are, how to do a prompt injection, how to jailbreak a model. I was so excited doing that for any of the off-the-shelf models and others, and now it's got much harder. I think Pliny the Liberator is maybe the only one who's still really good at getting out of any model out there. But I would test it again and again to see that I'm able to, and build the testing capability to see that I'm actually able. And again, this is something that I would expect the vendor to provide, but to see that I know that if something like this will come, I will be able to defend against it. I think the first layer against prompt injections and these kinds of things is also from the model providers. It's a problem of AI alignment; they're dealing with it quite a bit, and it's harder now than it used to be before. So if you have a good layer of prompting and judging mechanisms, it's harder to do so only from the data that you as an attacker create. You don't necessarily control all the data that comes into the models. But it's still going to be there, and physically there is still a way for an attacker to inject content into what the AI SOC is looking at. And yeah, definitely it's something that you want to test.
SPEAKER_00: So the typical red team approach, right, but now we have a new avenue that we have to worry about and potentially consider. Definitely. A question on this, to the idea of testing and other things like that. You mentioned Mythos earlier. Mythos is going to do a whole bunch of testing in all sorts of realms, and this could be one of them, certainly. In a world where SOC teams are enabled by these kinds of tools, and there is a, let's say, publicly available Mythos-level LLM that attackers can use, long term, what do you think is the trajectory? Are blue teams going to be pulling ahead of attackers, or are attackers going to be enabled in a way that is still going to be able to overwhelm defenders?

SPEAKER_01: One thing I like about working in the security world is that the problem space is continuously growing. It makes our job very interesting, and sometimes it's harsh, but that's the real truth, and I think a lot of people come to security for that. I believe that it's going to continuously grow. There are no table stakes, or like a status quo of, "okay, we got to a point where we are detecting everything and preventing that, and attackers are going to say, ah no, okay, I'm fine, I'm going to go home and find another job." That's not going to be the case, right? And if we do the math today, SOC teams handle between two to three criticals every week, and there are a lot of things they don't even look into. And now if you multiply the volume, giving these capabilities to the attacker by an order of magnitude, and you add AI-generated polymorphic payloads that change hashes per victim, you add supply chain compromises like Axios, and you add the blast radius growing, the math gets harder. It stopped being mathematically possible to handle at human speed with the current architecture. So I think there is no other way than to adopt and grow and utilize that in the right way, and then maybe we get to an equal state. And yeah, attackers have fewer regulations and they have fewer concerns. And in many cases, people say, as an attacker you need to be right one time. I disagree with that. You need to be right a lot of times in order not to get caught, especially if the blue team has a lot of very strong tools. But they will continuously try, and we will continuously try to stop them.
SPEAKER_00: Right, so the cat and mouse game continues, and employment is still going to be around for a while, so we don't need to worry about it, right? Yeah, excellent. All right, well, thank you so much for your time, Oren. If people are looking to connect with you, ask questions or otherwise, where can we find you online?
SPEAKER_01: Amazing. So reach out to me on LinkedIn, it's Oren Saban, O R E N S A B A N. Very excited to talk about any topic around this world, or not; I'm a diverse person. So yeah, please reach out.

SPEAKER_00: All right, fantastic. Thank you so much, a super fun conversation on one of the hottest topics out there. I appreciate your time, and thanks for joining me on Blueprint.

SPEAKER_01: Thanks so much, John. It's great meeting with you.

SPEAKER_00: So a few things stuck with me from that conversation. The context problem is a serious one. These tools are only as good as the organizational knowledge that you can feed them, and most SOCs have not done that work yet. Also, the analyst skill that matters most right now isn't going to be writing queries in a specific query language or detection logic. It's the ability to look at an outcome from an AI investigation that appears to be very confident and know when to question it. That's a different job than we had just a couple of years ago, and it's worth thinking about how you're going to approach that problem and whether your team is training for it. Thanks to Oren for his time, and the links to where to find him are in the show notes. If this episode was useful, share it with someone running a SOC who's wrestling with these same questions and trying to figure out what to do with all of this. Thanks for listening, and I'll see you on the next one.