In an exclusive email interaction, The Mainstream spoke with Dipesh Kaura, Country Director – India & SAARC, Securonix, to explore emerging trends in AI-led security operations. The conversation highlights his perspectives on concepts such as Agentic Mesh, AI-driven SOC transformation, and the evolving future of cybersecurity.
- There is growing focus on concepts like Agentic Mesh and AI-driven SOC assistants. Could you briefly explain what these are and how they fit into modern security operations?
Modern Security Operations Centers are under constant strain. Analysts are dealing with overwhelming volumes of alerts, while data is spread across cloud, SaaS, identity, and endpoint environments. At the same time, regulatory pressure continues to grow, and threat actors are using AI to move faster and operate with greater precision.
This creates a difficult balance. CISOs are expected to improve response times, control costs, and prove that automation is working safely within compliance boundaries. Boards are no longer satisfied with activity. They want measurable outcomes and clear accountability.
The Agentic Mesh introduces a different way to operate. It connects a network of intelligent, explainable AI agents that can think, act, and learn within defined guardrails. These agents do not work in isolation. They collaborate as part of a coordinated system, supporting analysts across triage, investigation, and response. Every action is transparent, auditable, and aligned to policy, creating a model where speed and accountability work together.
This stands in contrast to traditional AI-driven SOC assistants. While these tools can help summarize alerts, suggest actions, and automate certain tasks, they often function as isolated helpers. They support workflows, but they do not fundamentally change how decisions are made or governed. As a result, teams may gain incremental efficiency, but still face challenges around trust, consistency, and scale.
By shifting from standalone assistance to a connected system of governed AI agents, the Agentic Mesh enables a more coordinated and accountable approach to security operations. Analysts spend less time managing noise and more time making informed decisions, while organizations gain the visibility and control needed to operate with confidence in an increasingly complex threat landscape.
- How are such innovations redefining Tier 1 and Tier 2 SOC workflows, particularly in areas like alert triage and investigation?
Tier 1 analysts sit on the front line of the SOC, responsible for triaging alerts and filtering out false positives before they escalate. In theory, this layer protects the rest of the operation. In practice, the sheer volume of alerts makes it difficult to keep up, increasing the risk that real threats slip through unnoticed.
AI-powered support can ease this pressure, but the real shift comes when that support moves beyond simple assistance. With AI operating as part of a coordinated system, much of the repetitive triage and initial investigation work can be handled automatically. This allows analysts to spend less time sorting noise and more time applying judgment where it matters. The result is faster response, fewer missed signals, and a meaningful reduction in fatigue at the front line.
For Tier 2 analysts, the challenge looks different but is just as demanding. They are responsible for deeper investigation and containment, often working across fragmented data and complex workflows. Piecing together context across multiple systems slows response and increases the likelihood of burnout, especially when high-priority threats require sustained focus.
Here, AI plays a different role. Instead of just accelerating tasks, it helps connect the dots. Investigations are enriched with context, workflows become more streamlined, and response actions are better informed. This gives Tier 2 analysts the clarity and space to focus on complex threats, rather than getting pulled into operational friction.
Across both tiers, the goal is not to replace analysts but to rebalance how work gets done. By reducing manual effort and improving the quality of insight, the SOC becomes more focused, more consistent, and better equipped to handle the pace and complexity of modern threats.
- Can AI-driven systems like Sam help reduce alert fatigue for security analysts?
Analysts are dealing with more alerts, more tools, and constant pressure to make the right decision at the right moment. Scaling the SOC is no longer just a hiring problem. It requires a different way to extend capacity without adding complexity.
Sam, the AI SOC Analyst, is designed to do exactly that. It acts as a digital teammate, expanding the reach of the SOC while keeping analysts firmly in control. Rather than operating as a standalone assistant, Sam works within the Agentic Mesh, coordinating a set of specialized AI agents that each play a defined role across detection, investigation, and response.
These agents are built for precision and speed, but their real strength comes from how they work together. Sam acts as the intelligence layer that understands when each agent should be used, how context should flow between them, and how tasks should be sequenced. This coordination allows the SOC to operate as a connected system rather than a collection of tools, reducing friction and improving consistency across workflows.
One example is the Noise Control Agent, which focuses on reducing alert fatigue at the source. It filters out false positives, removes unnecessary noise, and creates a cleaner signal for the rest of the SOC to act on. With less clutter to manage, analysts can focus on real threats with greater clarity and confidence.
By orchestrating these agents as part of a unified workflow, Sam helps the SOC move faster, stay aligned, and make better decisions under pressure.
- Does the new SOC operating model improve efficiency in handling large volumes of security data?
The new SOC operating model brings Sam, the AI SOC Analyst, together with the Agentic Mesh to handle the scale and complexity of modern security operations. It is built to help teams manage growing volumes of data without losing control, visibility, or efficiency.
Designed to run at scale, the platform leverages a cloud-native foundation to deliver consistent performance as data and demand increase. At the center of this model is a more intentional approach to data. Instead of treating all telemetry the same, teams can control how data flows, where it is stored, and how it is used across the SOC.
High-value data is prioritized for real-time detection and response, while lower-value data is routed for compliance, retention, and forensic use. This allows organizations to maintain full visibility without driving unnecessary cost.
The Data Pipeline Agent plays a key role in making this work. It classifies, filters, and routes telemetry based on context, value, and urgency, ensuring that every part of the system is working with the right data at the right time. By coordinating data flow across the Agentic Mesh, it helps improve detection quality, accelerate investigations, and keep operations efficient as the SOC scales.
- Is Securonix moving from basic automation toward AI-led decision-making in cybersecurity?
Security teams are moving beyond rule-based automation toward intelligent autonomy. Systems are expected to go further than executing predefined tasks. They need to adapt to changing conditions, learn from patterns, and support decisions in real time.
As a result, detection becomes faster and more contextual, investigations gain clarity, and response actions improve in precision and consistency. The SOC operates with greater confidence, supported by systems that can keep pace with evolving threats rather than reacting after the fact.
Expectations are also changing. Boards want measurable outcomes. Leaders want efficiency without added risk. Analysts need support that reduces workload while keeping them in control. Meeting these demands requires a more advanced operating model built around coordinated intelligence.
With Sam, the AI SOC Analyst, working within the Agentic Mesh, security operations move beyond simple alert reduction toward AI-driven execution. Tasks are managed across a system of agents that can triage, investigate, and respond as part of a connected workflow.
In this model, AI takes on operational workload while staying aligned to policy and human oversight. Established processes become more dynamic, adapting in real time as threats evolve. The result is a more responsive and resilient SOC, where teams can scale their capabilities without losing visibility, control, or trust.
- Can the Agentic Mesh model help SOC teams scale operations without increasing headcount?
Sam, the Securonix AI SOC Analyst, operates as an always-on digital teammate that expands SOC capacity and scales operations without adding headcount. Working within the Agentic Mesh, it coordinates a set of specialized AI agents across detection, investigation, response, and reporting, all within a governed and controlled framework.
Sam takes on a significant portion of Tier 1 and Tier 2 workload, including alert triage, investigation, correlation, and response preparation. By absorbing repetitive and time-intensive tasks, it reduces the operational burden on analysts and allows them to focus on judgment, escalation, and high-risk decisions where human expertise matters most.
Organizations have seen mean time to respond reduced by over 60 percent, while increasing the volume of investigations completed, all without expanding team size.