2024 was a year of transformation, focused on capturing the expertise of security analysts and building it into Autonomous SOC solutions. This means delivering accurate results through AI-driven analysis that mirrors human expertise. By giving our AI SOC analysts access to comprehensive evidence, cutting-edge analytics, high-quality threat intelligence, and the ability to learn and adapt, we enable the SOC professionals who use our solutions to make an impact. Guaranteed results.
Here we outline the key areas where R&D has made significant advances by re-engineering the way SOC teams triage alerts.
Expanding AI SOC coverage across alert types
We prioritized expanding the ability of our AI-driven platform to handle different types of alerts. Extending coverage from endpoint and phishing alerts to identity and cloud-based threats ensures comprehensive security monitoring. Across over 500 customer environments, our platform processed over 5.4 million alerts (alerts, not logs!) in 2024.
Here’s how these alerts were distributed across categories:
Category          Alert Share
Endpoint          47.33%
Cloud             26.96%
Identity           8.56%
Network            6.94%
Custom             5.56%
Email/Phishing     2.77%
DLP                1.87%
This evolution enables customers to efficiently and effectively manage their entire alert landscape.
Strengthening integration and partnerships
New and enhanced integrations improve platform interoperability and simplify security operations by connecting tools and streamlining workflows. These integrations address common challenges such as siloed data, inefficient manual processes, and lack of visibility, ensuring unified, actionable insights.
SIEM integration: Added this year, with native support coming soon for Splunk, Microsoft Sentinel, Microsoft Defender XDR, Elastic, CrowdStrike Falcon LogScale, IBM QRadar, Sumo Logic, Devo, Stellar Cyber, Rapid7 InsightIDR, Wazuh, and more to be added.
Identity integrations: New integrations with identity providers such as Microsoft Entra ID and Okta provide rich user data and login activity analysis.
Microsoft partnership: Integrates with the entire Defender suite, including Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Defender for Office 365, Microsoft Entra ID, Microsoft Sentinel, and Microsoft Defender XDR, and makes Intezer available in the Azure Marketplace.
Improving the quality of AI triage and analysis
Ensuring and improving the quality of triage and analysis is a core focus for the Intezer team. The accuracy of our AI and its decision-making is directly influenced by the quality of the data we can access and by our analytical capabilities. This is why we have invested heavily in this area to deliver the best possible results. We introduced the following:
Advanced evidence collection: Automated evidence collection covers files, network, memory, logs, email, identity data, and cloud, and includes collecting direct end-user feedback about anomalous activity.
Analysis tools and threat intelligence: Upgrades to file scanning, memory scanning, endpoint forensics, and network analysis, plus enhanced, high-quality threat intelligence collected from our partners and internally by Intezer’s research team.
AI infrastructure enhancements: Upgraded underlying AI models with better tuning options, and new AI-based triage use cases tested at scale and now running successfully in production.
Customized AI solutions for MSSPs
We have enhanced the MSSP client to improve subtenant management and enable seamless operation in multi-client environments. MSSPs can now connect large numbers of clients and integrate them directly into their workflows with maximum flexibility. This includes direct integration, detailed APIs, and webhook notifications that allow MSSPs to send Intezer triage data and recommended actions to SOAR or a custom platform for action.
AI SOC results and validation
In 2024, we introduced a rigorous accuracy testing process to validate the results produced by our Autonomous SOC platform. This process includes:
Manual alert review: Approximately 5% of all alerts are manually reviewed by Intezer analysts and users.
Random sampling: Intezer’s expert analysts evaluate the performance of a random sample of alerts.
User feedback: Security experts approve or reject triage decisions, adding a layer of real-world validation.
This dual human-in-the-loop approach ensures reliable results, calculated with a 95% confidence level and less than 2% error.
Data in 2024: AI results that matter to SOC teams
Our tests revealed the following excellent results:
Final classification: 80.93% of alerts were reliably classified as confirmed threats or false positives. (Other alerts received questionable or inconclusive verdicts, with evidence collected and recommendations for further analysis.)
Rapid investigation: Alerts were processed in an average of 2 minutes and 21 seconds.
Escalated alerts: Only 3.81% required escalation, and the accuracy rate was 93.45%.
No-action alerts: 68.40% were resolved without any additional action, achieving an accuracy rate of 97.68%.
These metrics highlight the reliability and effectiveness of Intezer’s Autonomous SOC solution, delivering measurable impact and giving security teams the confidence to focus on key priorities. Our commitment to accuracy and transparency allows new customers to trust Intezer’s technology to deliver consistent, actionable results.
Ending 2024 with confidence
This year, our platform has proven that an “AI SOC” is not a distant dream but a reality, delivering tangible results and reshaping cybersecurity operations. From expanding our coverage and integrations to improving our triage and MSSP support, we’ve built a stronger foundation for our customers’ success.
As we move towards 2025, we are just getting started. We have great plans to deliver smarter, faster and more effective security operations. This is just the beginning.
I can’t wait to see what happens next!
Roy Halevi
Roy Halevi is Intezer’s CTO and co-founder. He spearheads the research and engineering operations behind Intezer’s Autonomous SOC technology. His extensive background in software development and big data architecture at the IDF paved the way for his entrepreneurial journey. In his leadership role, he developed highly competitive skill sets, including the ability to conceptualize and develop innovative cybersecurity technologies to counter state-sponsored attacks.