Visibility Helps SOC Analysts Win the Race to Leverage AI

In our last post, we looked at how AI stands to drive up the cost of running a modern data center by 5X or more and delved into the rising costs of high-end hardware and GPUs, increased power and cooling, and skyrocketing cloud costs. On the other side of the coin, we saw that AI is already enabling operational efficiencies that offset the rising costs by avoiding outages, improving management, and automating troubleshooting.

All that is true of the modern SOC as well. In this article, we’ll look at how AI stands to fundamentally change the cybersecurity landscape in three profound ways:

  • Making it easier for cybercriminals to build and scale advanced attacks
  • Expanding the digital attack surface
  • Automating and accelerating SOC operations

AI accelerates the entire attack sequence

Once again, AI gives with one hand and takes with the other. On the threat side, Michael Freeman, head of threat intelligence at Armis, predicts:

“By mid-2026, at least one major global enterprise will fall to a breach caused or significantly advanced by a fully autonomous agentic AI system. These systems use reinforcement learning and multi-agent coordination to autonomously plan, adapt, and execute an entire attack lifecycle: from reconnaissance and payload generation to lateral movement and exfiltration. They continuously adjust their approach based on real-time feedback. A single operator will now be able to simply point a swarm of agents at a target.”

Experts also predict that AI, and agentic AI in particular, soon might be able to orchestrate an entire attack lifecycle from reconnaissance to delivering a payload to lateral movement and data exfiltration. This would allow an individual adversary to perpetrate campaigns that once required whole teams working together.  

The likelihood of security-related outages rises

As we’ve noted before, a report from Ketchum & Walton Co. found data center outage costs can reach as high as $9K per minute for large companies and even small-to-mid-sized businesses (SMBs) losing $427 for every minute of disruption. And IBM’s Cost of a Data Breach Report 2025 showed the average global cost of a data breach reached $4.44M.

Expanding the digital attack surface

Not only will AI equip threat actors with a potent force-multiplier, it will also expand enterprises’ cyberattack surfaces as new prompts, configuration errors, and poorly secured systems – i.e, security is an afterthought — create exploitable new vectors.

On the positive side . . .

AI is already paying dividends within the SOC

Gurucul’s 2025 Pulse of the AI SOC: AI Enters the Equation found that 87% of organizations are actively integrating AI into their SOC operations. Nearly 80% believe AI-powered automation will be mission-critical within the next 24 months:

  • 45% already deem AI essential
  • 31% are already using AI across multiple workflows
  • 34% are conducting targeted pilots
  • 22% are evaluating potential use cases

While AI-led threats compound risk, automation is helping SOCs offload repetitive tasks, reduce human error, and accelerate response times — making it foundational to modern security operations. Organizations that have embraced AI are already seeing measurable benefits with at least 60% of adopters reporting 25% faster investigation times and 25% citing reductions greater than 50%. 

Source: Gurucul

AI-Powered Visibility Puts Time on Defenders’ Side

As has always been true, monitoring tools are only as accurate and valuable as the data you feed them. This is especially true of AI-enabled tools able to “train” themselves.

Building a scalable, modern network visibility infrastructure helps enterprises ensure tools get accurate, actionable insights in real-time to detect anomalies and initiate the right response — all without overwhelming your monitoring tools.  By providing a foundation for scale, training, and collaboration, a modern network visibility platform helps businesses:

  • Avoid downtime
  • Prevent breaches
  • Optimize operations and ROI  
  • Maintain compliance

For the modern SOC, highlights include:

Removing duplicate traffic to improve security tool utilization 

Duplicate traffic typically represents up to 30% of traffic sent to security and performance monitoring tools and mirroring the same traffic to multiple tools drives up traffic ingestion, bandwidth and utilization costs.

Overwhelming tools with irrelevant traffic can degrade performance potentially hindering detection and response instead of helping. Building operations on a strategic foundation like Keysight’s Network Visibility platform eliminates unnecessary duplicate packets and data flows helps minimize costs associated with ingestion, bandwidth/connectivity and storage – any element priced according to data volumes or solution capacity. 

Making traffic instantly actionable

A visibility platform adds metadata and intelligent filtering by application, user, device, location, and other variables that your team can use to refine data for analysis.

Running multiple monitoring agents directly on packet brokers

Keysight’s Application Fusion Program enables AI-led monitoring agents to run onboard our Vision network packet brokers (NPBs). Companies can deploy AI-powered monitoring agents from multiple Keysight alliance partners and avoid up to 50% of overall incremental CapEx and OpEx costs associated with hardware, CPU, GPU, cooling, and licensing fees. 

[activecampaign form=1 css=0]