Building an automated SOC that triages 99% of alerts without human review
Cycops, a B2B SaaS company handling enterprise authentication for 300+ clients, needed enterprise-grade security without enterprise-grade headcount. Durrani Tech built an AI-assisted SOC that auto-triages the vast majority of security alerts.
Client: Cycops
Industry: Technology
Services
Duration: 4 months
The Challenge
Cycops' small engineering team was drowning in 2,000+ SIEM alerts per day with no dedicated security analyst. Alert fatigue meant real threats were being missed. A pen test by an external firm found three critical vulnerabilities in their authentication API.
Our Approach
We remediated the critical vulnerabilities immediately, then designed a long-term SOC architecture. At its core was an ML classifier trained on six months of historical alerts to separate signal from noise. Playbooks were built for the top 20 alert categories with automated response actions.
The Solution
We deployed Splunk SIEM with custom detection rules tuned to Cycops' application behaviour. The ML triage layer reduced analyst-reviewed alerts from 2,000/day to under 80. We also built a customer-facing security status dashboard and a SOC 2 Type II compliance programme.
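As an added illustration of the triage layer described above (not Durrani Tech's or Cycops' code), here is the kind of routing policy that sits between the classifier and the playbooks: critical alerts and categories without a playbook always reach an analyst, confident low-score alerts are auto-closed, and a deterministic slice of auto-closed alerts is held back for human QA so classifier drift stays measurable. Category names, thresholds and the sample batch are constructed assumptions.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

# Constructed: categories that have an automated playbook (the case study says 20; three here)
PLAYBOOK_CATEGORIES = {"failed_login_burst", "impossible_travel", "token_replay"}
AUTO_CLOSE_MAX_SCORE = 0.10    # assumed: classifier P(true positive) below this is treated as noise
AUTO_RESPOND_MIN_SCORE = 0.90  # assumed: confident and playbook-covered, so the playbook runs


@dataclass(frozen=True)
class Alert:
    alert_id: str
    category: str
    severity: str  # "low" | "medium" | "high" | "critical"
    score: float   # classifier-estimated probability of a true positive (stubbed here)


def route(alert: Alert) -> str:
    """Return 'auto_close', 'auto_respond' or 'analyst'.

    Guardrails: critical alerts and categories with no playbook always get a human,
    and only playbook-covered categories may be auto-remediated."""
    if alert.severity == "critical" or alert.category not in PLAYBOOK_CATEGORIES:
        return "analyst"
    if alert.score < AUTO_CLOSE_MAX_SCORE:
        return "auto_close"
    if alert.score >= AUTO_RESPOND_MIN_SCORE:
        return "auto_respond"
    return "analyst"  # uncertain middle band: a human decides


def audit_sample(alert: Alert, rate: float = 0.05) -> bool:
    """Pick ~rate of auto-closed alerts for QA review, deterministically from the id,
    so the classifier's false-negative rate can be measured without re-sampling."""
    digest = hashlib.sha256(alert.alert_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") / 2**32 < rate


def triage(alerts):
    """Route a batch; return (decision counts, fraction that still needs analyst review)."""
    counts = Counter(route(a) for a in alerts)
    return counts, counts["analyst"] / len(alerts)


# Constructed sample batch
SAMPLE = [
    Alert("a1", "failed_login_burst", "low", 0.02),
    Alert("a2", "failed_login_burst", "medium", 0.95),
    Alert("a3", "impossible_travel", "high", 0.55),
    Alert("a4", "token_replay", "critical", 0.01),   # critical: never auto-closed
    Alert("a5", "new_detection_rule", "low", 0.03),  # no playbook yet: analyst sees it
]
```

The headline 99% figure is only safe if the "analyst" bucket captures exactly the cases the model cannot be trusted on; the guardrail order above is what prevents a low score from silencing a critical alert.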
Results
99% of alerts automatically triaged without analyst review
82% reduction in mean time to detect (MTTD)
SOC 2 Type II certified within 6 months of engagement
3 critical vulnerabilities remediated in week one
Stats are representative of outcomes achieved.