A laser-tag gun lying on the ground is useless. It has the potential to tag someone. It can receive a signal confirming a hit, but it can’t say when, where or why to fire. It’s a tool that needs a player.
The player brings strategy, interprets the lights and sounds in the chaotic game, tells a friend from a foe (with more than just sensor data) and adapts tactics on the fly.
Artificial intelligence buzzword, meet the cybersecurity reality
Maybe things are good in your organization. That’s great and often a sign of responsible cybersecurity practices.
Or maybe you haven’t dealt with a major cybersecurity incident. It’s tempting to think, ‘it’s not broken, why fix it?’ That’s normal. It’s also true that relying on that past experience can give a false sense of security.
The challenge is that while the criminal mindset doesn’t really change (it’s usually about stealing data or money), technology developers keep putting new tools in criminals’ hands. This means the actual way they attack can change fast. Defenses that were solid a year ago might not recognize the newer methods attackers use today. Newer threats are often designed to exploit gaps in older protection. So, while things seem okay now, sticking with the same security practices without a review can leave openings for these changing risks over time.
It’s less about fixing something that’s broken and more about seeing that your defenses keep pace with the current reality.
What’s the buzz?
The big breakthrough over the last few years is that AI can analyze threats based on many data points at once. And the value is realized when this robust information is deployed in collaboration with both Security Operations Center (SOC) analysts and local IT teams. Otherwise, increased information means just increased alerts. More alerts can just be more noise that can actually distract security teams from doing useful work.
So where does AI fit into the security equation? And how does AI’s inclusion in the SOC and IT teams transform it from an alert generator into a security partner?
Speed of attack needs an appropriate speed of response
“A very fast attack is three to four hours,” forensics analyst Dray Agha of Bryley partner Huntress said [1]. “Like, from getting in the door to ransoming an entire environment is three to four hours. So if we know that we can respond to most threats in under an hour, we’re well ahead of the threat actor. We’re well ahead … [and] feel really comfortable and good that we can prevent that worst case scenario from actually occurring.”
AI is a powerful pattern-finder
To attain the speed of Huntress EDR, AI executes hundreds of calculations simultaneously, which can help:
- spot behavior that deviates from normal activity
- correlate signals across several large data sets (endpoint logs, access patterns, network traffic and current attack activity on the internet)
- reveal trends, like gradual credential misuse or lateral (cross-account) movement
This kind of pattern detection is something human analysts can’t do at the same scale or speed. And so AI’s inclusion in cybersecurity brings real value — especially for a SOC trying to make sense of millions of log entries daily.
But we are now getting our knowledge from a machine that does not understand the world
–David Weinberger
While AI is great at finding patterns, it still lacks context. It doesn’t know:
- if activity across several machines is an admin patching software or the lateral movement of an attacker
- if a new file is a software installation or a malware executable
- if a large data transfer is a benign backup or an attacker’s data exfiltration
- that a login is from an authorized contractor and not an attacker
- that a file put in Dropbox is an acceptable practice for the marketing team
So the AI tool provides lots of data, and what it reports can be improved by feedback. AI integrated into cybersecurity is part of a feedback loop that looks like this:
- The Artificial Intelligence analyzes and detects patterns; it alerts the SOC about behavioral and system irregularities
- The SOC triages alerts at scale, using risk scores informed by AI-determined correlations (that is, pulling in and making sense of many data points to get a fuller picture) to assess urgency
- If the threat seems credible, local IT (which can include an internal team and/or Managed Service Provider) provides context, helping determine whether a flagged behavior is truly suspicious or business as usual
- Local IT’s input helps the SOC tune its filters
- The SOC then retrains AI models with better understanding of what actually matters in your specific environment
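The loop above, sketched as an added example (this is not code from Bryley or Huntress). The behavior labels, scores, threshold and correlation bonus are assumptions, and the alerts are constructed sample data.

```python
from collections import namedtuple

# ai_score is the model's anomaly score (0.0 to 1.0); behavior labels are hypothetical.
Alert = namedtuple("Alert", "id user behavior ai_score")

def triage(alerts, context, threshold=0.7, bonus=0.15):
    """SOC triage. context maps (user, behavior) -> reason given by local IT."""
    by_user = {}
    for a in alerts:
        by_user.setdefault(a.user, []).append(a)
    out = {"needs_context": [], "suppressed": [], "low_priority": []}
    for user, group in by_user.items():
        # Suppress only when everything seen for this user has been explained.
        all_explained = all((user, a.behavior) in context for a in group)
        for a in group:
            if all_explained:
                out["suppressed"].append(a.id)  # business as usual
                continue
            # Correlation: other distinct behaviors by the same user raise the score.
            others = {b.behavior for b in group} - {a.behavior}
            score = min(1.0, a.ai_score + bonus * len(others))
            bucket = "needs_context" if score >= threshold else "low_priority"
            out[bucket].append(a.id)
    return out

def apply_feedback(context, answers):
    """Record local IT's verdicts: tune the filter, return retraining labels."""
    labels = {}
    for alert, benign, reason in answers:
        if benign:
            context[(alert.user, alert.behavior)] = reason
        labels[alert.id] = "benign" if benign else "suspicious"
    return labels

# Constructed sample alerts, not real telemetry.
ALERTS = [
    Alert("a1", "it-admin", "multi_host_exec", 0.82),
    Alert("a2", "contractor7", "new_location_login", 0.75),
    Alert("a3", "mktg-amy", "cloud_upload", 0.55),
    Alert("a4", "svc-backup", "large_outbound_transfer", 0.60),
    Alert("a5", "svc-backup", "multi_host_exec", 0.62)]

def run_loop():
    context = {}                     # nothing is known about the environment yet
    first = triage(ALERTS, context)  # pass 1: credible alerts go to local IT
    answers = [(ALERTS[0], True, "patch window"), (ALERTS[1], True, "authorized contractor"),
               (ALERTS[3], True, "nightly backup"), (ALERTS[4], False, "")]
    labels = apply_feedback(context, answers)
    return first, labels, triage(ALERTS, context)  # pass 2 uses the tuned filter
```

On the second pass the admin patching and contractor login are suppressed, while the backup account's explained transfer stays in view because the same account still has an unexplained behavior next to it.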
Getting better all the time
When SOCs, local IT and AI tools work together, the security improvement is substantial because:
- alerts are tuned to what’s risky
- AI can improve at auto-escalating meaningful alerts, while suppressing low-risk behaviors — and SOC teams can trust the logic behind those decisions
- trends or multi-step attacks become easier to spot and investigate before they cause damage
AI multiplies IT security’s effectiveness
Because AI brings speed, scale and analytical power that people cannot match, the local IT team and the SOC can each focus on their role in achieving security. Formerly, this kind of data about an unfolding attack could be had only by poring over lengthy logs, and even then it was less robust.
So consider AI’s detection prowess like a laser-tag gun. It quickly identifies potential targets. But the system achieves its purpose when guided by a player – the human who understands the game, recognizes teammates and makes the strategic decisions about when and where to engage.
Artificial Intelligence flags potential threats, but its signals become actionable when interpreted through the SOC’s understanding of the threat landscape, validated by local IT’s knowledge of the specific environment and business activities.

Like a laser-tag gun needs a player to be of any help, in cybersecurity AI is a tool that needs a person’s direction.
This partnership between AI and human intelligence is where modern cybersecurity finds its greatest strength. AI handles the immense scale and speed of data analysis, freeing up human experts to apply critical thinking, business context and nuanced judgment.
AI lets the SOC and local IT teams collaborate efficiently, focusing their efforts on investigating and responding to the threats that matter. So this synergy – AI bringing its analytical horsepower and humans bringing understanding – is the foundation of faster and smarter defenses against emerging threats.
Bryley can deploy or help your IT team deploy AI with SOC support in your organization’s cybersecurity stack. Bryley has provided security solutions for hundreds of New England clients since 1987. Call 978•562•6077 or email Bryley’s Roy Pacitto to discuss evolving your data-protection in the face of new threats.
[1] Huntress webinar, the Power of People