Why the traditional SOC model needs to evolve [Q&A]


The security operations center (SOC) has long relied on traditional SOAR platforms to manage incidents, but today’s threat landscape is moving too fast for rigid, static approaches. As attackers use AI to evolve their tactics, security teams need smarter, more adaptive systems to keep up.
We spoke to Tom Findling, co-founder and CEO of Conifers.ai, about how AI-powered SOC platforms are helping organizations scale their defenses, improve threat detection, and move from reactive alert management to proactive risk reduction.
BN: Why do you believe traditional SOAR is insufficient for modern security needs?
TF: Traditional SOAR platforms were built for a time when scaling security meant hiring more analysts and writing detailed playbooks for every scenario. That model can’t keep pace with the speed and sophistication of today’s threats. Adversaries now use AI to adapt in real time, and security operations have to move even faster.
The problem is that most traditional SOAR tools are hard to maintain, requiring additional engineering headcount with special expertise to do so, and are based on rigid rules that don’t adapt. This can lead to fragile systems that slow teams down. SOC excellence isn’t about working harder. It’s about working smarter by using systems that learn, adapt, and support analyst judgment.
BN: How do AI-powered SOC platforms differ from traditional SOAR tools, and why does that matter?
TF: AI-powered SOC platforms get smarter by absorbing environment-specific information and providing context-aware decisions that enable analysts to prioritize and act quicker. You go from ‘if X, then Y,’ a conditional statement in logic, to dynamic, adaptive responses.
That’s important because modern environments are too complex and fast-moving for static tools. The best SOC leaders focus on making their teams smarter over time, not just faster. AI-powered SOCs support multi-tiered investigations at scale, reduce manual triage, and keep human oversight for decision-making. The goal isn’t to replace people. It’s to augment them with systems that cut through noise and surface what matters.
BN: How can AI help organizations scale their SOCs without sacrificing quality or adding more resources?
TF: Scaling security operations by simply adding headcount is expensive and unsustainable. AI-powered SOCs change the model by enabling teams to handle more incidents with the same, or even fewer, resources, while maintaining high quality.
For example, service provider DTX expanded its managed SOC business by using AI to speed up and improve incident handling without increasing headcount. Analysts focused on complex investigations, facilitated by AI analysis and enrichment, while the technology handled repetitive tasks.
True scale means more than speed. If you’re only measuring success in terms of how fast tickets are closed, you’re missing the bigger picture. The business cares about risk reduction, not just activity.
BN: How is AI transforming threat hunting and detection? What are the benefits of proactive over reactive approaches?
TF: Speeding up firefighting doesn’t make a SOC better if you’re still reacting after the damage is done. The best teams use tools and capabilities to find threats earlier in the kill chain. They build a detection and response strategy that allows them to contain threats closer to the point of initial access.
AI helps teams shift from reactive alert fatigue to proactive, intelligence-driven processes. It continuously refines detection logic, reduces false positives, and boosts signal quality. AI continuously ingests institutional knowledge, scales judgment, and makes every analyst more effective. That’s what elevates detection and response from tactical to strategic.
BN: How can AI-powered SOCs help organizations demonstrate security impact internally and externally?
TF: Proving the SOC’s value has always been tricky. But AI-powered SOCs can surface meaningful key performance indicators tailored to each organization or customer, such as detection effectiveness, time to containment, and quality of response.
This gives security teams the tools to measure what matters. They can show not just activity, like how many alerts they worked on, but actual impact, like how much risk was reduced. This builds trust with business leadership, customers, and regulators. If you show that your SOC is improving outcomes, not just closing tickets faster, you’re making security a business enabler.
BN: What’s a realistic approach to rolling out AI in the SOC? Do you have any advice for organizations starting small, but aiming to scale quickly?
TF: You don’t have to overhaul your entire SOC to get started with AI. A phased, crawl-walk-run approach works best. Begin by identifying high-value use cases where AI can deliver quick wins. Test AI in these areas, prove ROI, and then expand incrementally.
To be effective, AI must integrate with your existing stack, such as SIEM (security information and event management), EDR (endpoint detection and response), IAM (identity access management), cloud, threat intelligence, and ticketing systems. When you map incidents to specific use cases, AI becomes more than a buzzword. It becomes a trusted teammate that improves the signal-to-noise ratio and reduces the burden on analysts.
BN: Looking ahead, how do you see the role of the SOC evolving as AI continues to integrate into security operations?
TF: As AI becomes more deeply integrated, SOCs will evolve from reactive alert management centers into proactive risk reduction hubs. The focus will shift to building systems that continuously learn and improve.
Human analysts will always be essential, but their time will be spent less on low-level tasks and more on critical thinking and decision-making. AI will act as a force multiplier that helps teams manage more incidents with the same resources. Those who adopt it intelligently will see faster and better responses.
With attackers and defenders using AI, the SOCs that thrive will be those that improve their detections, not just close false positives. Ultimately, SOCs that treat AI as a strategic partner, not just an automation layer, will be best positioned to reduce risk and drive business value.