The Role of AI in Modern Security Operations Centers (SOCs)
In industries such as healthcare, where safeguarding patient data is critical, AI-powered SOCs offer a decisive advantage against increasingly sophisticated cyberattacks.
Adam Khan, vice president of global security operations at Barracuda, explains that AI is already having an immense impact on security operations by accelerating investigations and reducing workloads on security teams.
“It enables faster, more accurate threat detection and automated responses by analyzing large volumes of alerts across various security tools and environments,” he says.
For example, AI can detect suspicious activity such as a compromised Microsoft 365 account and automatically disable access within seconds, preventing further damage.
“This machine-speed response lowers breach risk and frees analysts to focus on complex threats,” Khan says.
Generative and Agentic AI for Healthcare SOCs
Generative AI turns raw telemetry into action, summarizing incidents in plain language, creating containment scripts and converting technical findings into board-ready updates that include regulatory impact.
Agentic AI goes further by taking constrained, preapproved actions, executing playbooks in a least-privilege sandbox, opening tickets, isolating endpoints or retrieving identity risk signals — always keeping a human in the loop for high-impact decisions.
It also eliminates handoff friction by auto-escalating incidents to the right owners using integrated asset inventories, on-call schedules and incident response playbooks.
For example, it can route anomalous protected health information access to the identity team or a clinical virtual LAN incident to the network team.
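The routing and gating behaviour described above (owner lookup from an asset inventory and on-call schedule, a constrained allowlist of preapproved actions, and a human-approval queue for high-impact steps such as isolating a clinical device) as an added illustration that is not from the article or any vendor product; the inventory, schedule, allowlist and alerts are constructed sample data, and `triage` is a hypothetical function name.

```python
from dataclasses import dataclass, field

# Constructed asset inventory: asset id -> owning team and whether it touches patient care.
ASSET_INVENTORY = {
    "phi-db-01":     {"team": "identity", "clinical": False},
    "infusion-vlan": {"team": "network",  "clinical": True},
    "m365-tenant":   {"team": "identity", "clinical": False},
}
# Constructed on-call schedule: team -> current on-call contact.
ON_CALL = {"identity": "idm-oncall@example.invalid", "network": "netops-oncall@example.invalid"}
# Constrained allowlist: the only actions the agent may execute on its own.
PREAPPROVED = {"open_ticket", "disable_account", "isolate_endpoint"}
# Actions that can interrupt care delivery; on a clinical asset they always wait for a human.
DISRUPTIVE = {"isolate_endpoint", "disable_account"}

@dataclass
class Decision:
    owner: str
    contact: str
    executed: list = field(default_factory=list)          # ran at machine speed
    awaiting_approval: list = field(default_factory=list) # human in the loop
    rejected: list = field(default_factory=list)          # outside the allowlist

def triage(alert: dict) -> Decision:
    """Route an alert to its owning team and gate the playbook's proposed actions."""
    asset = ASSET_INVENTORY.get(alert["asset"])
    if asset is None:
        # Unknown asset: no automation at all, hand everything to the L2 queue.
        return Decision(owner="soc-l2", contact="soc-l2@example.invalid",
                        awaiting_approval=list(alert["proposed_actions"]))
    team = asset["team"]
    decision = Decision(owner=team, contact=ON_CALL[team])
    for action in alert["proposed_actions"]:
        if action not in PREAPPROVED:
            decision.rejected.append(action)
        elif action in DISRUPTIVE and asset["clinical"]:
            decision.awaiting_approval.append(action)
        else:
            decision.executed.append(action)
    return decision

# Constructed alerts mirroring the article's two routing examples.
PHI_ALERT = {"asset": "phi-db-01", "proposed_actions": ["open_ticket", "disable_account"]}
VLAN_ALERT = {"asset": "infusion-vlan",
              "proposed_actions": ["open_ticket", "isolate_endpoint", "wipe_device"]}

if __name__ == "__main__":
    for alert in (PHI_ALERT, VLAN_ALERT):
        print(triage(alert))
```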
“Combined with retrieval-augmented generation over runbooks and historical cases, new analysts gain an ‘on-call copilot’ that boosts speed, consistency and decision quality while maintaining compliance,” says Tom Gorup, vice president of SOC operations for Sophos.
He explains that AI agents are not “set it and forget it” tools; as the underlying AI models update, the agents must be updated along with them.
As a healthcare IT environment changes, whether in the cloud, in applications or on endpoints, security leadership must ensure that the agents understand those changes. As attacks evolve, the agents must have playbooks ready to respond.
“This means healthcare SOCs will need a different kind of focus and investment in their AI solutions than they’ve traditionally made,” Gorup says.
Addressing Cybersecurity Workforce Shortages With AI
Michael Stempf, vice president of product experience for Commvault, says automating high-volume, low-complexity tasks and upskilling existing staff is critical given healthcare’s severe talent gaps.
“AI handles first-pass alert triage, log parsing, enrichment, evidence gathering and correlation of ‘normal-looking’ events to flag real attacks,” he explains.
It auto-generates draft investigations and routes or escalates them to the right owner, so analysts don’t lose time figuring out who to engage. It also accelerates onboarding by turning institutional knowledge into searchable, context-aware guidance, helping new hires navigate complex healthcare IT faster.
“This lets SOCs operate effectively with fewer Level 1 analysts and frees senior talent for threat hunting and complex incident response, provided data access is governed and escalation boundaries are clear,” Stempf explains.