NTT Data Cuts SOC Incident Response Effort by 70% With AI
NTT Data's security operations centers faced alert volumes that grew faster than the company could hire analysts. A year ago, the company deployed AI to handle the backlog and achieved a 50-70% reduction in effort per incident, along with a 50% improvement in response time.
The company did not eliminate jobs. Instead, AI helped the SOC grow capacity without matching headcount to alert growth.
The implementation required more than selecting a vendor. NTT Data's cybersecurity leaders identified 12 practical strategies that determined success or failure.
Start With Measurable Targets
The first step was defining what success looked like before deploying AI. NTT Data set four key performance indicators:
- Incident Type Coverage: AI should process more than 90% of incoming alerts. The company achieved this for IT alerts and is expanding to other alert classes.
- False Positive Closure: AI should correctly identify and automatically close 90% of false positives. The company is on track to meet this target.
- Response Time: AI should reduce time-to-respond by at least 50%. This target was met.
- Recommendation Accuracy: At least 90% of AI recommendations should be deemed correct by qualified reviewers. The company is still developing measurement methods for this metric.
The scorecard kept the project focused and prevented scope creep. Organizations should define their own priorities upfront and secure buy-in from leadership before implementation begins.
Manage Expectations About AI Capabilities
The second critical lesson: frame AI's role clearly from the start. Without clear messaging, teams fill gaps with unrealistic expectations.
NTT Data told analysts that AI would not be perfect, especially early in deployment. The company emphasized that AI's real strength would be improving week by week as it learned from the environment.
This messaging prevented disappointment and built a realistic understanding of how AI augments rather than replaces human judgment.
The Vendor Selection Process Matters
NTT Data selected Simbian as its AI SOC vendor after a false start with another provider. The company is now in production with strong results.
The lesson here is straightforward: pilot programs reveal whether a vendor's product fits your environment and workflow. A poor initial choice is recoverable if you learn from it and move on.
Where to Learn More
Operations teams looking to implement AI in security roles can explore AI learning paths for cybersecurity analysts, which cover threat detection, security automation, and SOC optimization. For broader operational efficiency, AI for operations resources address workflow optimization and process improvement.