Pivoting From Reactive To Proactive.
Today, most cybersecurity professionals operate in firefighter mode, constantly pivoting to another crisis or deadline. But with the ability to operate autonomously to eliminate manual toil, identify vulnerabilities, anticipate risks and neutralize threats, AI is empowering more teams to proactively identify challenges and opportunities, helping turn cybersecurity from a cost-center to a key business driver.
“We shouldn’t be waiting for our metrics to tell a story. We should be proactively looking for issues, when things are breaking down. We want to know earlier so we can fix it quicker,” said Israel Bryski, the CISO at MIO Partners.
Functions critical to modern security programs, like threat detection or governance, risk and compliance, still require significant human involvement. Many specialists spend their time navigating multiple underlying technology solutions to manage alerts, document issues, and coordinate across departments. Their time is dominated by filling out spreadsheets and forms, examining policies to make sure they align with evolving regulatory demands, chasing down false alerts, reviewing metrics and navigating information silos. As a result, many breaches or potential security issues are discovered only after the damage is done. And investigations and recovery efforts are conducted under immense pressure from internal and external stakeholders.
In the new era of proactive cybersecurity, AI systems will do the tedious job of crunching massive datasets to correlate threat intelligence and deliver targeted, actionable insights to specialists. The technology will be able to help predict what could potentially happen so proper action can be taken and automatically run audits to identify gaps in compliance, whether in the company’s own solutions or vendor applications, as well as coordinate with stakeholders across the organization.
“We’ll be able to off-load a lot of repetitive, manual tasks,” said Andress. “If AI is taking care of the initial, reactive work, cybersecurity teams can be more proactive going forward.”
Armed with better insights and unburdened by tedious, low-value tasks, security professionals can focus on using their expertise to contribute to the company’s overall strategic growth areas.
“Bringing AI-driven automation removes bottlenecks, helps companies stand-up and scale key programs like compliance, and gives them real-time, continuous insight into how secure and compliant they are,” said Drata CEO Adam Markowitz.
Rethinking Security Operations Center (SOC) Teams In The Age Of AI.
The burden of monitoring environments, triaging alerts, investigating incidents, and coordinating responses has historically been a human task. But with the growing complexity of IT networks, as well as the increasing speed and scale of attacks, these tasks can and should be augmented with technology.
Consequently, a resounding 93% of IT professionals plan to deploy, or have already deployed, AI to help defend their digital ecosystems. But as AI systems begin to serve as the front-line defense, CISOs must reimagine SOC teams to more seamlessly blend human and artificial intelligence. This requires more than reworking workflows; it requires CISOs to retrain staff, adopt new technologies, rethink KPIs, and potentially even revamp the culture of the team.
By having bots handle the monotonous tasks and humans the more complex ones, organizations will be far better equipped to anticipate threats from ever-vigilant digital adversaries. For example, with a growing number of security information and event management (SIEM) solutions, logs, and telemetry feeds to manage, so-called “alert fatigue” is a very real problem for security teams: overwhelmed by the sheer volume of notifications, many employees miss or ignore important information. While the bulk of these alerts are likely false positives, it’s a risk businesses can’t afford.
Sidebar: 62% of the alerts received by the SOC team are ignored (source: https://www.msspalert.com/news/mssp-market-news-survey-shows-62-of-soc-alerts-are-ignored)
“We’ve created a big data problem for ourselves. We thought we didn’t have enough data, we needed a single pane of glass, so vendors found ways to show us everything. But I don’t think people realized how much ‘everything’ really was,” said Pieter VanIperen, CISO at Own Company. “With AI, we can determine with a much larger degree of certainty whether something can harm us or not, and that is going to drastically change things.”
Instead of hoarding every piece of information produced by their systems, fearing important data might be lost, companies can deploy a security data fabric to aggregate, normalize, enrich, and correlate only relevant inputs. Applying AI, they can then extract insights and reduce noise, enabling faster and more confident decision-making. With employees no longer having to chase down continual false alerts, they can refocus time to the high-value areas that AI can’t currently handle, such as advanced threat hunting, behavioral analysis, and adversary emulation.
This isn’t just a new way to store logs. It’s a complete rethinking of detection and response to cut false positives, boost analyst efficiency, and lower costs – all by eliminating unnecessary data. It’s just one example of how the modern SOC team isn’t going away. It’s just becoming more strategic – and better armed.
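To make the aggregate, normalize, enrich and correlate steps concrete, here is an added illustration (not code from the article or from any vendor it mentions) of a minimal alert pipeline: two constructed source formats are mapped onto one schema, enriched from an assumed asset inventory, and folded into per-entity incidents so that repeats and known-benign test-asset noise never reach an analyst.

```python
import json
import re
from datetime import datetime, timedelta
# Constructed sample inputs (not from the article): EDR JSON, firewall syslog, test-asset noise.
RAW_ALERTS = [
    '{"ts":"2024-05-01T10:00:05Z","host":"db01","sev":"high","rule":"suspicious-process"}',
    "2024-05-01T10:00:20Z fw01 DENY src=10.0.0.7 dst=db01 port=3306",
    "2024-05-01T10:00:45Z fw01 DENY src=10.0.0.7 dst=db01 port=3306",
    '{"ts":"2024-05-01T12:30:00Z","host":"lab-vm","sev":"low","rule":"scanner-noise"}',
]
ASSET_CRITICALITY = {"db01": "crown-jewel", "lab-vm": "test"}  # assumed asset inventory
SYSLOG = re.compile(r"^(\S+) \S+ DENY src=(\S+) dst=(\S+) port=(\d+)$")
SEV_RANK = {"low": 0, "medium": 1, "high": 2}

def normalize(raw):
    """Map either source format onto one schema: ts, entity, severity, signal."""
    if raw.startswith("{"):
        a = json.loads(raw)
        ts, entity, sev, signal = a["ts"], a["host"], a["sev"], a["rule"]
    else:
        ts, src, entity, port = SYSLOG.match(raw).groups()
        sev, signal = "low", f"deny:{src}->{port}"
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "entity": entity, "severity": sev, "signal": signal}

def enrich(alert):
    """Attach asset criticality so correlation can weigh where an alert landed."""
    return {**alert, "criticality": ASSET_CRITICALITY.get(alert["entity"], "unknown")}

def correlate(alerts, window=timedelta(minutes=5)):
    """Fold alerts per entity within the window; dedupe signals; drop low-severity test noise."""
    incidents = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        if a["criticality"] == "test" and a["severity"] == "low":
            continue  # known-benign noise: record nothing, page nobody
        for inc in incidents:
            if inc["entity"] == a["entity"] and a["ts"] - inc["last"] <= window:
                inc["signals"].add(a["signal"])
                inc["last"] = a["ts"]
                inc["severity"] = max(inc["severity"], a["severity"], key=SEV_RANK.get)
                break
        else:  # no open incident for this entity: start one
            incidents.append({"entity": a["entity"], "severity": a["severity"],
                              "signals": {a["signal"]}, "last": a["ts"]})
    return incidents

def triage(raw_alerts):
    """Run the pipeline; return incidents and the share of raw volume folded away."""
    incidents = correlate([enrich(normalize(r)) for r in raw_alerts])
    return incidents, 1 - len(incidents) / len(raw_alerts)
```

On the four constructed alerts the pipeline yields one high-severity incident on db01 carrying two distinct signals, a 75% reduction in what an analyst has to look at.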
Securing The Application Layer.
Despite all the advances in detection, intelligence and automation, many of the most damaging breaches have the same origin: third-party applications. Whether it’s misconfigured OAuth tokens, exposed APIs or broken access control in continuous integration/continuous delivery pipelines, hackers are increasingly adept at exploiting weaknesses in third-party tools, leading to massive breaches at organizations like Okta.
“There’s been a lot of breaches related to outsourced software,” said Bryski. “If we don’t have good visibility into vendor accounts, then a threat actor can do whatever they want.”
In response, security teams are trying to regain control of their sprawling application environments, with a focus on uncovering unsanctioned systems, monitoring behavior and enforcing controls directly at the interaction layer, rather than the edge, to minimize risk. This requires a new level of visibility for most organizations, one that extends to everyone accessing the network, including full-time employees and contractors.
“We’re always using more third-party tools, the inventory never decreases,” said Andress. “AI can help identify what’s missing. Humans are good at reacting to what’s there, but we don’t think about what’s not there. AI can help call out gaps in our intelligence.”
Getting Identity And Access Management Under Control.
It’s a very real fear among CISOs: an AI agent trained to triage a customer complaint accidentally accesses internal personally identifiable information (PII). Suddenly, the company is exposed to potential legal risk – maybe without anyone even knowing it.
As agentic capabilities advance, so does the need for greater autonomy. But without visibility or control, this becomes a new class of insider risk. It’s why a future where AI machines act on our behalf to push code, move money, and approve workflows hinges on a critical foundation: identity. And not employee identity, but non-human identity (NHI).
“Identity is the foundation of every security program. And if your foundation is faulty, your program is going to be faulty,” said Bryski.
Many organizations have made significant strides in their ability to verify and manage the identity of the humans accessing their network. Now, there’s a massive (and growing) number of NHIs that must also be verified, monitored and controlled, including service accounts, APIs, and, increasingly, AI agents.
“Identity and access management is coming to a head. It is too big, too sprawling; it needs to be solved,” said VanIperen.
But technology designed to protect against malicious human activity, like multi-factor authentication, doesn't work with machines. And as the challenge of managing NHIs becomes orders of magnitude greater, securing them and controlling access permissions is no longer just an IT concern; it’s a front-line imperative that extends across the business.
31% of CISOs worry about identity and access controls when it comes to AI-based applications, while 24% of CISOs are concerned about AI-based social engineering attacks. (RIC Survey)
Luckily, there are a number of visionary startups already focused on NHI visibility, authentication, and privilege enforcement. With infrastructure that tracks agent activity, enforces least privilege, and audits actions across dynamic environments, businesses can reduce risk from increasingly autonomous machine behaviors.
“The big majority of identities are NHIs, and they are still being overlooked. And the way people are targeting this problem now is not scalable,” said Token Security CEO and co-founder Itamar Apelblat. “There’s a lot of identity management software for enterprises, but they’re very human-centric. And CISOs are being pushed to adopt agentic AI in their platforms, but they’re still struggling with controls in their legacy solutions, so there’s a lot of chaos when it comes to NHIs.”