AI transforms security operations centres with faster responses
Security operations centres are being transformed through the deployment of artificial intelligence, significantly altering how organisations respond to cyber threats.
The traditional security operations centre (SOC) structure, which relied on human analysts to monitor alerts and investigate incidents, is increasingly giving way to systems powered by AI that are capable of managing these tasks autonomously. This is not simply an incremental improvement or an addition of advanced tools; it represents a fundamental change in how organisations approach cybersecurity to address evolving threats.
Earlier SOC technologies were focused on assisting humans. Platforms for security information and event management (SIEM) aggregated logs, endpoint detection and response (EDR) tools offered endpoint visibility, and security orchestration, automation, and response (SOAR) solutions automated some workflows. Despite these advancements, most systems still depended on human operators for critical decisions and actions. This dependency created notable challenges, including alert fatigue: many SOCs handle over 17,000 alerts weekly and manage to investigate only a small proportion of them effectively.
Modern AI-driven SOCs aim to address these shortcomings through technologies such as machine learning and behavioural analysis. AI agents can now independently investigate incidents by correlating data from various systems, distinguish genuine threats from false positives with more than 90% accuracy, initiate automatic containment procedures (such as isolating endpoints or blocking malicious traffic), and even apply patches in real time when vulnerabilities are detected.
Gartner predicts that by 2026, these capabilities will allow AI to handle 40% of SOC tasks that currently require human intervention.
The implementation of AI-driven autonomic security operations provides significant business advantages. Response times are being reduced from days to minutes, or even seconds. Processes such as breach containment, which previously necessitated coordination across multiple teams, can now take place automatically. Perhaps most importantly, organisations can expand the scope of their security operations without needing to increase headcount at the same rate - a vital factor, given the estimated 3.4 million shortfall in the global cybersecurity workforce.
However, deploying technologies for autonomous security comes with its own set of requirements. Success depends on developing systems that continuously learn and adapt, implementing frameworks for human oversight of high-risk decisions, ensuring seamless integration with mixed cloud and legacy environments, and building measurement protocols to verify the effectiveness of AI solutions.
Practical implementation
Borderless CS has described its experience in moving past theoretical discussions and implementing practical autonomous SOC solutions. The company says its next-generation platform integrates autonomous threat detection with human expertise to offer real-time attack prevention using AI-driven behavioural analysis, guaranteed incident containment within one hour, continuous compliance monitoring aligned with ISO 27001 and SOC2 standards, and proactive threat hunting to spot risks before exploitation.
The company reports that clients experience 70% fewer false positives, 90% faster mean time to respond (MTTR), and complete visibility across their attack surface.
Emerging autonomous systems are capable of modelling attack scenarios to uncover potential vulnerabilities, strengthening defences automatically with up-to-date threat intelligence, and deploying containment strategies to limit the scope of an attack as soon as it is detected. These capabilities are being applied in operational environments today, but organisations continue to face challenges in fully integrating and operationalising them.
Steps towards modernisation
For enterprises seeking to update their SOC, the suggested pathway includes assessing existing processes, identifying opportunities for automation, starting with high-value use cases, and establishing methods to continually measure return on investment.
Borderless CS has stated that it offers complimentary security assessments to support organisations in planning the transition towards autonomous SOC operations. The company notes, "In an era where threats evolve by the minute, waiting to upgrade your defences isn't just risky - it's unsustainable."