SentinelOne launches Purple AI Athena to boost SOC automation

Techday NZ, 30-04-2025
SentinelOne has announced the introduction of new agentic artificial intelligence capabilities as part of its latest Purple AI Athena release.
The release of Purple AI Athena introduces features aimed at automating and accelerating security operations tasks that are typically undertaken by Security Operations Centre (SOC) analysts, including the triaging, investigation, and remediation of security threats.
These capabilities are designed to support increasingly overstretched security operations teams by reducing the mean time to respond (MTTR) and mitigating alert fatigue.
According to the details disclosed, Purple AI Athena leverages AI that mimics the iterative thinking processes and deductive reasoning of experienced SOC analysts.
The underlying system utilises SentinelOne's security models and agentic framework to execute investigations on suspicious activities across multiple data sources. Orchestrating multi-step response actions, it aims to remediate threats in a matter of seconds, contrasting with more traditional approaches that can require hours.
The AI is reported to be fine-tuned through an advanced combination of neural networks working across trillions of security-relevant data points.
This architecture is bolstered by a global network of security professionals who provide continuous feedback, resulting in what SentinelOne describes as a scalable approach to autonomous security operations. The platform's Auto Triage feature applies deep security reasoning to conduct similarity analysis on alerts, identifying and prioritising those more likely to be true positives. Auto Triage is stated as being made generally available with the new release.
The Purple AI Athena release also features full-loop remediation and response, powered by what the company refers to as Singularity Hyperautomation. The agentic AI system within Purple AI employs no-code workflow capabilities, automatically creating detection rules and transforming insights from investigations into autonomous processes. It provides security teams with result summaries and prompts analysts to convert tasks and insights into reusable automation workflows. These workflows reportedly enable the system to investigate and resolve alerts, learning and improving remediation actions over time.
This is intended to take security operations beyond basic, rules-based automation, enabling more comprehensive and orchestrated responses to threats.
Another significant component of the announcement is the data-agnostic integration feature.
With this release, security operations teams can directly use Purple AI with third-party Security Information and Event Management (SIEM) systems and security data lakes without the need for data migration.
Alerts are ingested and correlated in real time, after which Purple AI applies streaming analytics and remediation actions. This is intended to enable organisations to avoid incurring additional costs or delays due to data transfers or integration steps, providing immediate access to advanced AI-driven security operations across diverse environments.
SentinelOne states that Purple AI's development has benefited from broad adoption in production environments since its initial unveiling in 2023. The company's proprietary sensor architecture is described as supporting granular, customer-specific tuning of data collected from endpoints and cloud workloads.
This data is processed within SentinelOne's AI-powered SIEM, and the resulting dataset is continuously refined via feedback from SentinelOne's Managed Detection and Response (MDR) team and global partners.
The Purple AI Athena release includes expanded agentic AI capabilities such as AI-powered data integrations, automated threat hunting and detection, auto-triage and investigations, rule creation for new detection scenarios, automated response and reporting, and AI-powered support functions.
Tomer Weingarten, Co-Founder and Chief Executive Officer of SentinelOne, commented, "AI and automation have long held the promise of fundamentally transforming security operations and supercharging analysts to detect and respond – at machine speed – to threats from even the most sophisticated nation state adversaries and cyber criminals. At RSA, we're revealing the industry's first true end-to-end agentic AI cybersecurity platform built on over a decade of security expertise – and we're bringing it to all security data in the modern SOC."
He added, "By delivering agentic AI automation and orchestration capable of reasoning and responding like an advanced security analyst, we believe humans get empowered even more as they assume supervision of these systems - an important role that will also shape the coming generation of security service providers."

Related Articles

Gurucul launches AI-SOC Analyst to transform cybersecurity centres

Techday NZ, 07-08-2025

Gurucul has announced the release of its new AI-SOC Analyst, an artificial intelligence-powered system designed to enhance the functioning of security operations centres (SOC) through a blend of automated and human-led processes. The AI-SOC Analyst has been developed to handle the automatic triage of alerts, extract and classify key artefacts, assign risk scores and respond dynamically by either escalating alerts or remediating incidents. According to the company, this mechanism is set to reduce mean time to resolution (MTTR) by 83%.

The system is designed to emulate experienced human analysts by investigating each alert, obtaining relevant context, and establishing the priority of incidents that truly require attention. This approach allows SOC teams to benefit from autonomous incident handling, supplemented by insights and evidence-based recommendations that facilitate faster and more informed decision-making by human analysts.

An additional feature is the integration of the Sme AI copilot, which employs generative AI for interpreting complex data, summarising threat intelligence and incident reports, translating log patterns into plain language, and suggesting queries and appropriate next steps during investigations.

Management perspectives

Saryu Nayyar, Chief Executive Officer of Gurucul, said: "As threats proliferate, alert fatigue, understaffed SOCs, analyst burnout, and increasing threat complexity remain pervasive problems. Gurucul's AI-SOC Analyst frees them from the vast majority of repetitive, high-volume and mundane tasks to instead focus on higher-value work. Humans remain a critical piece of security operations, and we're giving them the tools needed to be successful in today's fast-paced threat landscape to deliver faster responses. This innovation marks a huge step in Gurucul's journey to transform SOC operations and continues to underscore our commitment to securely harnessing the power of AI to empower the SOC."

The AI-SOC Analyst offers uninterrupted 24/7 monitoring for alert handling, removing concerns over weekends, holidays, and analyst burnout. Gurucul states that the system can investigate alerts within seconds, thus decreasing both the mean time to detection (MTTD) and MTTR. It is designed to complement human analysts by providing consistent, unbiased decisions and minimising human error or subjective judgement during alert handling.

Operational impact

By leveraging behaviour analysis and correlation, the AI-SOC Analyst can filter out false positives, ensuring that only credible and actionable threats are escalated to human analysts. The platform is capable of triaging thousands of alerts simultaneously, aimed at reducing the need for large SOC teams focused on the early stages of triage and investigation, thereby enhancing cost efficiency and scalability of security operations.

Gurucul's offering is described as the industry's first AI Analyst that is natively integrated with the Gurucul Unified Data and Security Analytics Platform. The company highlights transparency and explainability as central features, allowing every decision made by the AI-SOC Analyst to be reviewable and open to validation, ultimately supporting ongoing feedback and improvements. The automation encompasses Level 1 SOC analyst responses, while equipping Level 2 and Level 3 analysts with deeper insights, risk prioritisation, evidence-based recommendations, and automation for responses to incidents.

Investment in artificial intelligence

Nilesh Dherange, Chief Technology Officer of Gurucul, said: "At Gurucul, we are on a mission to empower SOC teams with the power and promise of AI, unlocking human potential with fewer distractions, controlled costs and complete context. We are making huge investments in AI research and have added purpose-built use cases powered by the most suitable LLMs with this AI-SOC Analyst to automate alert triage and response with flexible workflows."

Emphasising integration into the existing platform, Gurucul asserts that trust is strengthened by making every AI decision transparent and explainable. The system is intended as a support mechanism, not a replacement, for human analysts, allowing more focus on complex threats and strategic tasks.

Neda Pitt, Chief Information Security Officer, said: "Gurucul's AI-SOC Analyst is a game changer for the SOC. The AI-driven insights with automated triage and response provide a level of visibility and speed we simply have never had. It helps prioritize what matters, cuts through the noise, and stays ahead of an ever-changing threat landscape. It's like having an intelligent co-pilot in the SOC, augmenting human analysts without adding headcount!"

Gurucul has announced demonstrations of the AI-SOC Analyst for industry professionals and plans to continue adapting AI to support SOC operations through ongoing research and use-case development.

DXC, 7AI launch global AI security service to boost efficiency

Techday NZ, 04-08-2025

DXC Technology and 7AI have launched a global strategic partnership that will see the deployment of an AI-powered security operations service across DXC's worldwide customer base. The new initiative, called DXC Agentic Security Operations Centre (SOC), aims to automate core security operations through the integration of 7AI's agentic platform. The two firms stated the platform will reduce manual processing bottlenecks, offering potential time savings of 30 minutes to 2.5 hours per investigation, while significantly lowering false positive rates that typically demand substantial analyst resources.

Operational efficiency gains

According to data from 7AI, the platform processed more than 568,000 alerts and saved security teams 224,000 analyst hours in 2025 alone, which is equivalent to 112 years of analyst work and an estimated USD $11.2 million in productivity gains for users.

DXC Technology will integrate 7AI's technology into its own managed security services globally, providing autonomous AI agents throughout processes including alert ingestion, risk investigation, and incident remediation. The platform's capabilities are intended to extend beyond simple automation, offering what DXC and 7AI describe as a fundamental change to how managed security is delivered. The use of autonomous agents is designed to scale coverage, offer faster response times, and reduce operational costs for organisations facing an increasing volume of cyber threats.

"The use of AI enhances security efforts by boosting efficiency, augmenting human skills, and enabling SOCs to scale and deliver greater value in the face of growing cyber threats. The future of security operations isn't about more tools or more automation, it's about intelligent AI agents that deliver measurably better outcomes. By partnering with 7AI, we're pioneering the next phase of managed security services, delivering better insights, faster response times and, ultimately, superior protections for our customers," said Chris Drumgoole, President, Global Infrastructure Services at DXC.

Internal use and results

DXC has also implemented 7AI's platform within its own internal security operations centre. According to Mike Baker, DXC's Global Chief Information Security Officer, after deploying 7AI's technology the company observed an 80% reduction in tier 1 SOC analyst time, a 95% drop in the number of tickets needing human analysis, and a 67% cut in mean time to respond for tier 1 and tier 2 operations.

How it works

The 7AI platform leverages what the company calls Dynamic Reasoning technology, enabling the AI to autonomously decide on investigative actions for novel and previously unseen threats in real time. This approach is designed to avoid reliance on static, pre-written playbooks or rules, and it is intended to further reduce the incidence of false positives and improve incident investigation times.

Customers deploying the new DXC Agentic SOC will receive security expert support for implementation and ongoing operations, as well as access to incident response and breach management services. The managed service also includes the provision of anonymised threat patterns, contributing to the continual improvement of threat detection while maintaining strict client data protection standards. Additional services tailored to each customer include governance, risk, and compliance support.

Broader industry context

The launch of the DXC Agentic SOC comes amid continued expectations that artificial intelligence will play a greater role in cybersecurity operations globally. Both DXC and 7AI stated that partnerships leveraging AI in security operations are set to deliver improvements in speed, scale, and operational cost, compared to traditional, manual approaches.

"DXC's global cybersecurity scale - serving hundreds of customers, across 25 delivery centers that process 4.5 million daily security threats – provides the real-world data environment essential for advancing our AI. This combination of proven security leadership and operational breadth makes DXC the ideal partner for delivering truly agentic security solutions to the enterprise market. This partnership validates our vision for a new era where security teams can focus exclusively on security outcomes. DXC customers will experience what it means to have AI agents that continuously improve their understanding of each organization's unique security context," said Lior Div, CEO and Co-Founder of 7AI.

7AI projects that with ongoing adoption, its platform will save customers upwards of USD $100 million in 2025 through further reductions in manual security operations workload and analyst resource needs.

Tenable One reaches 300 integrations to unify security data

Techday NZ, 30-07-2025

Tenable has announced that its Tenable One Exposure Management Platform now features over 300 validated integrations. The company stated that this milestone establishes Tenable One as the most interconnected exposure management platform currently available, allowing it to serve as what it describes as a central hub for security data and analytics integration.

Fragmentation challenge

With enterprises on average deploying 83 distinct cybersecurity tools according to industry research, organisations are facing fragmented and siloed views of their attack surfaces. This environment creates blind spots that attackers can target, and results in security teams spending significant time reconciling separate streams of data.

Tenable's position is that Tenable One solves this challenge by connecting disparate parts of the security stack, enabling a more unified approach to exposure management. The platform's additions bring together data across various tools and systems, which the company positions as a measure towards improved risk reduction and visibility.

"A closed-off platform isn't just an inconvenience - it's a security risk, and Tenable is leading the charge to tear down these walls," said Eric Doerr, chief product officer at Tenable. "Reaching over 300 integrations is a fundamental shift in cyber control. We're giving our customers the power to see everything, connect everything, and manage their exposure from a single, unified platform without having to replace the tools they already trust. This is the future of cybersecurity, and Tenable is delivering it today."

Centralising risk view

The Tenable One platform is designed to unify data from a range of technology sources, including endpoint detection and response (EDR), cloud native application protection platforms (CNAPP), asset inventory, and privileged access management (PAM) tools. By integrating third-party data, Tenable One aims to provide a contextualised view of risk, which it enhances with threat intelligence and business context to help security teams identify blind spots.

The platform integrates with IT service management systems, communication platforms, security information and event management (SIEM) tools, and patch management products. Tenable says these integrations help automate remediation workflows and improve cross-team coordination, reducing the time needed to resolve exposures.

Customer adoption and measurable impacts

Tenable reports that approximately two-thirds of Tenable One customers currently use its integrations, including what it refers to as some of the most security-mature organisations. Customers have reported up to ten times greater visibility and a 75 percent reduction in data aggregation efforts according to the company, freeing resources for preventative security operations.

To support future growth of the ecosystem, Tenable has announced a universal integrations connector will be introduced for the platform later in the year. This tool will enable customers and partners to develop their own integrations, allowing for secure connection of custom applications and additional security tools to Tenable One.

Partner perspectives

Partners have commented on the role of integration in enhancing security outcomes.

"Effective security requires collaboration, and our partnership with Tenable exemplifies this approach in action. By integrating Tenable One's rich exposure data directly into Splunk Cloud Platform, Splunk Enterprise Security, and SOAR, we are providing our joint customers with unparalleled context to detect and respond to threats faster than ever before. The breadth of Tenable's ecosystem is a massive force multiplier for security operations teams."
– Gretchen O'Hara, Vice President, Worldwide Channels & Alliances, Splunk

Other security vendors referenced the importance of a unified approach to risk management across different business functions.

"The traditional boundaries between security and operational teams have blurred, and meaningful risk reduction demands coordinated action across the business. The deep integration between Tenable One and the ServiceNow AI Platform helps close the gap between vulnerability identification and enterprise-scale remediation. Together, we're enabling customers to accelerate response and embed risk reduction into the fabric of how work gets done, ensuring critical exposures are addressed before they can be exploited."
– Lou Fiorello, GVP and GM of Security and Risk Products, ServiceNow

"Privileged accounts are a top target for attackers, and understanding their exposure is critical. The integration between our PAM solution and Tenable One gives our joint customers a powerful advantage. By combining Tenable's deep vulnerability insights with our privileged access controls, organizations can see exactly where their most sensitive accounts are at risk and take immediate action to secure them. This unified approach is essential for preventing privilege escalation and stopping breaches."
– Joanne Wu, Vice President, Business Development, CyberArk

An IBM report, referenced by Tenable, suggests that the use of comprehensive security platforms can provide business value by improving visibility and response times across complex security environments.
