ExtraHop expands platform capabilities to support AI-driven SOCs

Security operations centres (SOCs) are increasingly integrating artificial intelligence (AI) to manage the rising complexity of cybersecurity threats. Recognising a gap in actionable insights, ExtraHop has unveiled a suite of enhancements aimed at empowering SOCs with autonomous AI capabilities.

AI-driven SOCs can now leverage ExtraHop's advanced visibility and forensic capabilities. The platform aims to deliver deep network, identity, and Kubernetes telemetry, allowing AI agents to not only detect anomalies but also respond autonomously, minimising reliance on human intervention.

The new capabilities utilise ExtraHop's network telemetry to deliver comprehensive, contextual insights. This seeks to ensure AI agents can identify and correlate activities across devices, users, applications, and identities. As a result, security teams can address threats at machine speed, enhancing overall efficiency.

ExtraHop has reinforced its platform by embedding it with identity systems such as Entra ID, Active Directory, and Okta. This integration aims to enrich data on user interactions, providing SOC teams with the essential context for quick threat investigation and response, ultimately reducing Mean-time-to-Response (MTTR).

The enhancements extend to cloud-native applications, allowing full visibility into Kubernetes environments. The platform seeks to enable SOC teams to capture, decrypt, and analyse Kubernetes traffic, providing data to inform AI-based decisions.

With the introduction of the ExtraHop Query Language (EQL), AI agents can query voluminous network data to extract necessary information, fostering threat detection and automated responses via APIs and Model Context Protocol (MCP) servers.

These developments aim to improve data visibility for modern SOCs and support the use of AI in threat detection and response as organisations expand their AI-driven cybersecurity strategies.