Palo Alto Networks Debuts New ‘Autonomous SOC’ Technology

Nir Zuk, founder and CTO of the cybersecurity giant, tells CRN that more AI and fewer humans are the future of Security Operations Centers. ‘[Humans] cannot do all the work that’s required — to look at all the data all the time and figure out if something is going on,’ he says.


Palo Alto Networks has deployed its early-stage “autonomous SOC” technology to about 10 design partners as part of an attempt to make Security Operations Centers more efficient and less dependent on human beings.

Nir Zuk, founder and CTO of Palo Alto Networks, outlined the concept of so-called autonomous SOCs during a keynote address Tuesday at the RSA Conference in San Francisco.

During his keynote speech, Zuk referred to Palo Alto Networks’ development of new-style SOCs that depend more on AI and machine learning tools and less on human oversight of data designed to detect and prevent cyberattacks.


“This technology is happening right now,” he told RSA audience members at the Moscone Center North in San Francisco. “We’re building it. We’re running it.”

In an interview with CRN, Zuk gave more details about what exactly his company has built and deployed — and it involves about 10 companies that have installed Palo Alto Networks’ new autonomous technology within their own SOCs.

“It is deployed with quite a few very large design partners of Palo Alto Networks,” said Zuk, who didn’t reveal the names of the partners. “And they are helping us make that system generally available.”

Autonomous SOC Technology Already Deployed

Asked if the technology is effectively being beta-tested, Zuk said the company’s automation product is more fully developed.

“It’s beyond beta-testing,” he told CRN. “It’s just that we prefer to perfect it with 10 design partners that are using [it].”

Rick Caccia, senior vice president of marketing at Palo Alto Networks, confirmed the company has now deployed the autonomous SOC technology at about 10 mid- to large-size companies.

Though more data needs to be collected on the effectiveness of the technology, Caccia said the companies now using it seem happy with the results they’ve seen.

In fact, one company was so pleased it eliminated its Security Information and Event Management tools, Caccia said.

In addition to sharing the technology with design partners, Palo Alto Networks is using the new technology in its own Security Operations Center, Caccia said. Among other improvements, Caccia said the system has dramatically reduced the number of duplicative alerts about possible breaches.

In recent years, a number of organizations have pushed for greater automation of SOCs, saying there’s simply too much data being generated for human analysts to adequately monitor and act upon.

If the new autonomous SOC technologies work as planned, they could lead to significantly fewer human SOC analysts, and that’s concerning to at least one channel player.

A ‘Double-Edged Sword’ For The Cybersecurity Industry

Rick Smith, owner of Renactus Technology, a Union, N.J.-based MSP, said development of autonomous SOCs is a “double-edged sword” for the industry.

On one hand, it has the potential to improve the efficiency of SOCs to detect legitimate cyberthreats. But part of the original idea of SOCs was in fact to have human beings involved in detecting and responding to hacks, he said.

“It’s a concern of ours,” said Smith of the new SOC technologies. “It’s not a big concern right now. It’s too soon to tell how this will play out.”

Smith, who co-hosts a podcast called “MSP Unplugged,” said Renactus Technology doesn’t own a SOC, but it does contract with others for SOC services.

Zuk emphasized there will always be a human component to SOCs. “You’ll need human beings because there are things that the machines just cannot do,” he said.

But he said the operational focus of SOCs needs to shift from human beings to automation driven by AI and machine learning tools.

“[Humans] cannot do all the work that’s required — to look at all the data all the time and figure out if something is going on,” he said.

He said he sees increasing investments in automated SOC solutions.

“I believe that, relatively quickly, we’re going to see budgets that go towards adding more and more automation to the SOC,” he said.

Among those pursuing advanced SOC technology is Cambridge, Mass.-based Devo Technology, which recently raised another $100 million from investors to further develop its own autonomous SOC product, as well as build out its overall business.