AI assistance delivers gains for SOC analysts
Security Operations Centers are inundated with thousands of alerts each day, most of which are false positives or low-severity issues. This flood of noise leads to alert fatigue, forcing SOC analysts to waste valuable time on false alarms instead of focusing on genuine threats.
A new study from Dropzone AI looking at SOC analyst performance across 148 security analysts shows that AI can improve effectiveness. AI assisted investigations were 22–29 percent more accurate than those in the unassisted control group.
“These results indicate that AI-driven investigation platforms enhance speed and accuracy to provide immediate operational value,” says Hillary Baron, associate vice president of the Cloud Security Alliance. “The findings underscore the benefit these tools can deliver in high-volume SOC environments, where consistency and efficiency are critical to success.”
The study compared analyst performance with and without the assistance of Dropzone’s AI SOC Analyst. Participants faced two escalated alert scenarios that required human review, an AWS S3 bucket alert and a Microsoft Entra ID failed login attempt, and were evaluated on four objective measures (accuracy, speed, completeness, and detail) as well as three subjective factors (perceived difficulty, confidence, and attitudes toward AI).
Investigations were completed 45–61 percent faster with AI assistance when compared to those in the manual control group, while 94 percent of participants reported a more positive view of AI for cybersecurity alert investigations after completing the scenarios.
The AI assisted group also demonstrated more consistent performance under fatigue, avoiding the sharper drop-offs observed in manual investigations.
“SOC leaders are looking for evidence that AI delivers material results. The results of this study are clear: AI is no longer a ‘nice-to-have' in the SOC, it’s essential to sustaining both quality and analyst confidence in the face of complex threats,” says Edward Wu, founder and CEO of Dropzone AI. “With threat actors operating at machine speed and attacks growing more sophisticated, human analysts simply can’t keep pace on their own. This is why Dropzone AI was built, to amplify human capabilities, ensuring that even under pressure, investigations remain fast, accurate, thorough, and consistent. This study validates what we see with our customers every day; AI-assisted SOCs are more resilient, make smarter decisions, and deliver stronger outcomes at scale."
The full study is available on the Dropzone AI site.
Image credit: Eriksvoboda/Dreamstime.com