
CrowdStrike touts agentic SOC to tackle security woes

By embedding AI agents across its platform, CrowdStrike is looking to help security teams automate repetitive security tasks, enabling them to focus on complex and stealthier threats that could slip under the radar

The role of the chief information security officer (CISO) is becoming untenable under the weight of mounting vulnerabilities, complex threats, and chronic alert fatigue, according to CrowdStrike president Michael Sentonas.

In response, the company is doubling down on agentic security, leveraging artificial intelligence (AI) to fundamentally change how security operations centres (SOCs) operate.

“We’re at the point where it’s impossible to be effective when you think about all of the complexities that an organisation needs to deal with,” Sentonas told Computer Weekly in a recent interview. “It’s statistically impossible to keep up with all of the vulnerabilities and the patching that happens. And it’s impossible to keep up with the number of threats and threat actors.”

To combat this, CrowdStrike has baked in AI capabilities across its entire platform to process telemetry and signals automatically. For its efforts, the company received an award last year from SE Labs, which assesses security products, for achieving 100% detection and prevention of cyber threats, with no false positives in stopping ransomware.

In transitioning organisations towards the agentic SOC, CrowdStrike has released a suite of purpose-built AI agents, including malware hunting agents, malware analysis agents, and triage agents. It also provides translation agents to help customers migrate from legacy systems, such as Splunk, to CrowdStrike’s next-generation security information and event management (SIEM) product, LogScale.

Beyond out-of-the-box offerings, CrowdStrike is also empowering security teams to build their own custom automations. For example, through its Charlotte AI AgentWorks no-code platform, customers can use natural language to build specialised agents tailored to their unique environments.

According to Sentonas, customers are already running hundreds of thousands of custom automations weekly, building agents for patching, reporting, compliance checks, and IT management. “If you can think it and you can script it, you can automate it on the platform,” he said.

Reshaping the SOC, not replacing it

The rise of security agents has inevitably sparked debate about the future of entry-level SOC roles. However, Sentonas noted that agentic security is not about reducing headcount. Instead, it’s about shifting human effort to the “tip of the spear” – the 1-2% of complex attacks that require human intuition and intervention.

“When people talk about the agentic SOC, they think they’re not going to need all the people – that’s not true,” Sentonas said. “What we’re going to do is to improve the quality of life for people in the SOC, because systems are really good at repetitive tasks. What they’re not good at is when adversaries are changing tactics and rolling out complex attacks that AI models may not be good enough today to deal with,” he added.

Sentonas warned against the idea of eliminating tier-one security analysts entirely, as that could create a talent pipeline issue for the cyber security industry in the longer term.

“If you don’t have level ones, how do you get to level three and four?” he said. “When you’re a level three or level four analyst, you have many years of experience and scars on the back. The technology today is not at a point where we need fewer people; the technology is going to enable people to do more high-value tasks.”

While the appetite for AI in cyber security is high, Sentonas acknowledged that organisations are rightfully cautious about the risks of granting AI agents access to sensitive environments. “A big concern that people have with a lot of AI models is a fear of not knowing what they’re doing and not knowing what changes they make,” Sentonas noted.

To mitigate this, CrowdStrike operates its AI tools under a model of bounded autonomy: security teams retain full oversight of AI-driven decisions and define when and how automated actions may occur, which the company says makes the technology suitable for regulated industries such as banking and finance.
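The article does not describe how CrowdStrike implements bounded autonomy, so the following is an added, generic illustration of the idea rather than CrowdStrike's code: every action an agent proposes is checked against an operator-written policy before it runs, low-impact actions proceed unattended, containment beyond a small blast radius is queued for analyst sign-off, irreversible actions are never agent-executed, and every decision is written to an audit trail whether or not it ran. The action names, thresholds, agent names and sample proposals are all constructed for the example.

```python
"""Bounded-autonomy gate for agent-proposed response actions (added example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Autonomy(Enum):
    AUTO = "auto"          # agent may execute without a human in the loop
    APPROVAL = "approval"  # queued for an analyst to approve or reject
    DENY = "deny"          # never executed on an agent's initiative


@dataclass(frozen=True)
class Rule:
    autonomy: Autonomy
    max_targets: int = 1   # blast-radius cap for AUTO; above it -> APPROVAL


@dataclass
class Proposal:
    action: str
    targets: Tuple[str, ...]
    rationale: str
    agent: str


@dataclass
class Decision:
    proposal: Proposal
    outcome: Autonomy
    reason: str
    approved_by: Optional[str] = None  # set only by a human sign-off


# Hypothetical operator policy (constructed for the example). Unknown
# actions are denied by default, so an agent cannot invent new powers.
POLICY: Dict[str, Rule] = {
    "enrich_ioc": Rule(Autonomy.AUTO, max_targets=1000),
    "kill_process": Rule(Autonomy.AUTO, max_targets=3),
    "isolate_host": Rule(Autonomy.AUTO, max_targets=1),
    "disable_user": Rule(Autonomy.APPROVAL),
    "wipe_host": Rule(Autonomy.DENY),
}


class Gate:
    def __init__(self, policy: Dict[str, Rule]):
        self.policy = policy
        self.audit: List[Decision] = []  # every decision, executed or not

    def decide(self, p: Proposal) -> Decision:
        rule = self.policy.get(p.action)
        if rule is None:
            d = Decision(p, Autonomy.DENY, "action not in policy (default deny)")
        elif rule.autonomy is Autonomy.DENY:
            d = Decision(p, Autonomy.DENY, "action is agent-prohibited")
        elif rule.autonomy is Autonomy.APPROVAL:
            d = Decision(p, Autonomy.APPROVAL, "action always needs sign-off")
        elif len(p.targets) > rule.max_targets:
            d = Decision(p, Autonomy.APPROVAL,
                         f"{len(p.targets)} targets exceed auto cap of {rule.max_targets}")
        else:
            d = Decision(p, Autonomy.AUTO, "within policy")
        self.audit.append(d)
        return d

    def approve(self, d: Decision, analyst: str) -> bool:
        """Human sign-off: only APPROVAL decisions can be promoted; DENY stays DENY."""
        if d.outcome is not Autonomy.APPROVAL:
            return False
        d.approved_by = analyst
        return True


def run_samples() -> List[str]:
    """Push constructed proposals through the gate; returns outcomes in order."""
    gate = Gate(POLICY)
    samples = [
        Proposal("enrich_ioc", ("203.0.113.7",), "IP seen in alert", "triage-agent"),
        Proposal("isolate_host", ("ws-0142",), "ransomware precursor", "triage-agent"),
        Proposal("isolate_host", ("ws-0142", "ws-0143", "srv-db-01"), "lateral movement", "triage-agent"),
        Proposal("disable_user", ("j.doe",), "credential reuse", "hunt-agent"),
        Proposal("wipe_host", ("ws-0142",), "reimage", "remediation-agent"),
        Proposal("rotate_all_keys", (), "precaution", "remediation-agent"),
    ]
    return [gate.decide(s).outcome.value for s in samples]


if __name__ == "__main__":
    for outcome in run_samples():
        print(outcome)
```

The point of the structure is that the agent never holds the authority to act; it holds the authority to propose, and the policy plus the audit list answer the two questions Sentonas cites, what the agent is doing and what changes it made.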

Ultimately, the effectiveness of AI agents hinges on the data feeding them. Leveraging a decade’s worth of security telemetry, CrowdStrike is also applying its agentic capabilities to threat intelligence.

Late last year, it introduced Threat AI, an agentic threat intelligence system designed to automate complex workflows, such as reverse-engineering malware, identifying code similarities, and generating YARA pattern-matching rules, at the speed required to counter fast-moving adversaries.

“The technology is here. It’s not going away,” Sentonas said. “People that will benefit from the technology in the long term are the ones who lean in today.”

According to Gartner, 70% of large SOCs are expected to pilot AI agents to augment their security operations by 2028, but only 15% will achieve measurable improvements without structured evaluations.

“The potential of AI agents to transform security operations and ease workloads is real, but only if approached with rigour and evaluated through an outcome-driven lens,” Craig Lawson, vice-president analyst at Gartner, wrote in a recent commentary for Computer Weekly.

“Every investment should be tied to measurable outcomes such as improvements in mean time to respond [MTTR] and mean time to contain [MTTC], reduction in false positives or analyst workload. Ask vendors for evidence of operational improvements in environments like your own before making any commitments,” he noted.
