This session dispels the myth of fully autonomous cyber defense. Using the example of a PowerShell alert on a production server, we demonstrate what AI is capable of detecting—and what still requires the judgment of SOC analysts. When the AI flags “Suspicious – 85% confidence,” the real work for the analyst begins: decoding obfuscated scripts, mapping TTPs using the MITRE framework, identifying C2 infrastructure, and deriving actionable recommendations within minutes.
In this session, you will learn:
• How SOC analysts establish context through process analysis, host evaluation, and threat intelligence
• Why qualified escalations make a critical difference
• Why modern MSSPs must rely on a combinat ...
