AI in the SOC: How Universities Are Using AI to Fill Cybersecurity Gaps

Also, student workers can use the AI tools to get up to speed quickly. When the system returns an executive-level report of an incident, the student can ask for a simplified version to help them break it down and understand it easily. As students use the tool to investigate incidents or potential phishing emails, for example, they can also ask the tool to critique their prompts and provide feedback about what they should consider moving forward, James says.

“It has absolutely freed up staff,” James says. “We don’t have to hand-hold students as much, and it provides skill sets that we didn’t have.”

RELATED: Learn how AI can help universities improve the student experience.

AI in the SOC Can Help Universities Manage Risk More Efficiently

Like any powerful tool, AI must be used thoughtfully and responsibly. That starts with developing policies, procedures and governance for the use of AI, James recommends.

“It changes so often, and you need rules in place so you can control it,” he says. “Also, require staff training on how to use AI and use it responsibly. The tools must be well vetted, and it’s important to manage how they’re collecting data.”

The riskiest way to apply AI to security “is to dump the entire job on AI and pat yourself on the back for saving a lot of staffing money,” Longman says. “AI will always be limited in its ability to reason and judge complex situations, so it will never be able to do the whole job.”

AI is best used for incident triage, data gathering, correlation and summarizing — not as a replacement for analysts, whose roles require constant inductive reasoning and judgment calls, Longman says.

Getting Started With AI Security in Higher Education

College and university SOCs that are not yet using AI have a number of options.

“There are so many great tools out there, many of them free, that can help improve security operations,” Longman says. “Even just using them to generate some reporting templates, phishing email examples and community awareness documents can do a lot to stretch a very budget-restricted security program.”

When selecting AI tools, Longman recommends choosing products that integrate with the existing environment.

“At OSU, we’re already heavily invested in the Microsoft ecosystem for software licenses, endpoint management, communication and security tools,” she says. “This made Microsoft’s Security Copilot a great choice since it natively integrates with most of what we already use. But a university using a mix of tools would probably have to work a lot harder to get the same value out of it, so they might be better off using a product designed to fit their setup.”