AWS for Software Companies Podcast

Ep137: AI Without Borders - Extending analyst capabilities across the modern SOC

Gagan Singh of Elastic discusses how agentic AI systems reduce analyst burnout by automatically triaging security alerts, resulting in measurable ROI for organizations

Topics Include:

  • AI breaks security silos between teams, data, and tools in SOCs
  • Once attackers gain system access, SOC teams have only 40 minutes to detect and contain them
  • Alert overload causes analyst burnout; thousands of low-value alerts overwhelm teams daily
  • AI is inevitable for SOCs that must process the data volume and separate false positives from real threats
  • Agentic systems understand the environment, reason through problems, and take action without hand-holding
  • Attack discovery capability reduces hundreds of alerts to 3-4 prioritized threat discoveries
  • AI provides ROI metrics for organizations: alerts processed, noise filtered, and analyst hours saved
  • RAG (Retrieval-Augmented Generation) reduces hallucination by adding enterprise context to LLMs
  • AWS integration uses SageMaker, Bedrock, and Anthropic models together with Elasticsearch vector database capabilities
  • End-to-end LLM observability tracks costs, tokens, invocations, errors, and performance bottlenecks
  • Junior analysts can detect nation-state attacks; teams shift from reactive to proactive security
  • The future requires balancing cost, data richness, data sovereignty, model choice, and human-machine collaboration

Participants:

  • Gagan Singh – Vice President Product Marketing, Elastic

Additional Links:

  • Elastic – LinkedIn – Website – AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/