Amidst all this AI, we mustn’t forget the analyst.

UX/UI

An AI-native SOC starts in the analyst's chair

After diving into articles, LinkedIn posts, and blogs that talk about AI-native SOC, it seems that everything revolves around restructuring architecture, analyzing data faster and faster, or having agents collaborating with each other… but very little is said about what happens in the analyst’s chair.

If we look at it from a user experience perspective, the line between “our product has AI” and “we have an AI-native product” is much clearer.

When we talk only about applying AI, we see how, as a general rule, a model is bolted on top of the SIEM and we blindly trust that this new scoring, this “co-pilot,” or this natural language chat will reduce the analyst’s workload. It’s an additional layer: more suggestions floating across the screen, more generated summaries, and more dashboards with metrics. But the analyst’s workflow hasn’t changed; they still have to do the same repetitive tasks, and we’ve just given them even more things to look at.

However, if we are really talking about a workflow in an AI-native SOC, the starting point is different: we begin by redesigning the analyst’s entire workflow, the views, the timelines, and all those actions that they perform repeatedly, so that AI is integrated into every critical step of the process.

At Lobera, we have experienced this difference throughout our research and conceptualization process for the XGuardian user experience. A SOC does not become AI-native just because you can ask it questions in natural language, or because it has a cute widget floating in the lower right corner of the screen. It starts to become AI-native when the analyst no longer has to jump between 10 open tabs in their browser to reconstruct what has happened, and receives the necessary information at the right time, instead of having to review 20 more dashboards.

From a UX perspective, we move away from the question of “What model do we use?” to focus on what exactly we want to change in the analyst’s day-to-day work. If, after integrating AI, the analyst continues to make the same clicks, open a thousand tabs, and make decisions with the same level of uncertainty, we have not built anything AI-native; we have only given the interface a more modern look.

Sometimes, in order to build something AI-native that is truly worthwhile, uncomfortable design decisions have to be made: at what points in the flow does it make sense for AI to intervene proactively, and at what points is it better for it to respond only when the analyst asks? What feedback does the analyst need? Which actions can we automate?

That is where, in our opinion, much of the current discourse on Artificial Intelligence falls short: there is a lot of talk about models and data, but without the analyst’s experience, nothing tangible changes. What we have built is not an AI-native SOC, but the same SOC as always, with more colors and gradients.
