Why CrowdStrike Doesn’t See AI Replacing Security Analysts: President Mike Sentonas
Instead, the role for SOC (Security Operations Center) analysts going forward will increasingly be focused around orchestrating a ‘team of intelligent agents’ to boost cyber defense, Sentonas says.
For Security Operations Center (SOC) analysts on the front lines of cyber defense, the availability of powerful AI agents for automating routine security tasks means their roles are now becoming more essential, not less, CrowdStrike President Mike Sentonas said Wednesday.
Sentonas made the comments during a week that saw CrowdStrike unveil a major expansion to its portfolio of AI-related capabilities, while laying out its “agentic SOC” vision in front of 8,000 attendees at its Fal.Con 2025 conference in Las Vegas.
On the whole, agentic is “the foundation of the modern SOC,” Sentonas said during his keynote at Fal.Con Wednesday. “It’s elevating the role of the analyst. It’s not eliminating the analyst.”
Ultimately, “we need to go from analyst to orchestrator. We need to have the modern SOC with the analyst in the center, to start to work with a team of intelligent agents,” he said.
Notably, embracing this shift to the “agentic SOC” is made even more crucial by the fact that threat actors are clearly using the same AI-powered technology to dramatically increase the speed and effectiveness of their attacks, Sentonas said.
With the newly announced Falcon Agentic Security Platform, CrowdStrike said it now offers an “AI-ready” data layer that enables the expansion of agentic functionality across its broad security platform, ultimately providing faster and more-effective responses to threats.
The cybersecurity giant also debuted seven new agents for SOC analysts as well as a no-code platform for creating custom agentic tools, Charlotte AI AgentWorks.
While many security analysts have questioned whether their roles might be on their way to redundancy in the wake of GenAI’s arrival, those anxieties have begun to dissipate as the full potential for agentic SOC capabilities has become clearer, solution provider executives told CRN at Fal.Con this week.
For instance, solution and service provider powerhouse Wipro, whose SOCs employ 2,000 people, has seen a palpable shift in this regard, according to Tony Buffomante, senior vice president and global head of cybersecurity and risk services at Wipro, No. 17 on CRN’s Solution Provider 500 for 2025.
“My personal experience has been that the fear of our analysts who I spoke to a year ago — around, ‘This is going to take my job’ — has subsided,” Buffomante said.
In its place, there’s now a lot of “excitement” among analysts, he said.
The overriding sentiment now is, “‘This is really cool. Now I’m going to be able to do some higher-level things,’” Buffomante said.
Specifically, Wipro has intentionally worked to help analysts overcome those fears with a strong commitment to “upskill and uplevel everybody” around new AI and agentic technologies, he said.
For many security analysts, the potential for AI agents to significantly improve satisfaction with their jobs — and even their quality of life and mental health — has been a massive factor as well, according to Chris Ebley, CTO at Blackwood, No. 93 on CRN’s Solution Provider 500.
Agentic offerings from CrowdStrike, for instance, show major promise in automatically handling the steps needed to determine that an alert is a false positive, the type of task that SOC analysts are inundated with on a daily basis, Ebley said.
This is a huge issue because for SOC analysts, there’s little satisfaction in taking on tasks where it’s highly probable that “you’re reacting to something individually that’s not a threat,” he said. “It’s hard to find the mission in that.”
The potential with agentic, on the other hand, is to eradicate the need for analysts to deal with monotonous issues such as false positives, according to Ebley.
In such a scenario, AI agents could perform the investigation into an alert, identify the issue as being benign, fully document what happened and close the ticket, he said.
“And a human never touches that process,” Ebley said. “That’s really attractive.”
All in all, CrowdStrike’s latest debut of SOC capabilities — which leverage agents but are fundamentally orchestrated by humans — should prove much more compelling for security analysts and MSSPs than competing visions of an “autonomous SOC,” said Chris Schueler, CEO of Cyderes, No. 98 on CRN’s Solution Provider 500.
The “autonomous SOC” concept is unfortunate, Schueler told CRN, and has helped to drive some of the fears among security analysts that they could be on track to be replaced.
“If done correctly, there should be excitement, not fear” about AI in the SOC, he said.
The bottom line for MSSPs such as Cyderes is that “we’re aligned with CrowdStrike in [advocating a] human-led, AI-powered SOC,” he said. “By casting the right vision for the SOC analyst, I think they’ll 100-percent start to see, ‘I can actually start to be a part of this mission of stopping threats, and not just be a cog in the wheel.’”