News

Culminate is #1 in human output at DEFCON SOC Olympics: Superpowering your SOC Team

Rex Guo
October 11, 2024

As the world tuned in to the excitement of the Olympics, our team at Culminate was engaged in a different kind of competition—the SOC Olympics at DEFCON’s CTRL+ALT+DETECT, formerly known as OpenSOC. The competition took place August 8-11, 2024 at the DEF CON Blue Team Village. We are thrilled to announce that Culminate (team cul) achieved a top 3 finish among 104 highly skilled teams!

This accomplishment is a significant milestone for the cybersecurity industry and for Culminate. Here’s why:

1. Leading the Charge in Human Efficiency

Culminate ranked #1 in human efficiency, a clear indicator of the strength of our AI SOC analyst. Our team managed to score 12X more than 80% of the participating teams and was 50% more efficient than the first-place team, despite having far fewer human participants. This demonstrates how our AI is not only optimizing human resources but also setting new standards for efficiency in the SOC environment.

2. Proving AI Capabilities in Real-World Scenarios

We are proud to be the only SOC AI analyst company to demonstrate our capabilities in a large-scale, realistic public competition. This event showcased the speed and accuracy of our AI SOC analysts in detection, investigation, and threat hunting. Our performance at this event is a testament to the practical effectiveness of AI in real-world cybersecurity operations.

3. Transforming the Future of SOCs

At Culminate, we are already saving tens of thousands of hours for our customers' SOCs. Our goal is to multiply every SOC team's output by at least 10X. This achievement not only validates our vision but also demonstrates our commitment to revolutionizing the way SOCs operate. Our AI SOC analysts are not just meeting industry standards—they are setting new benchmarks.

The DEF CON SOC competition

The CTRL+ALT+DETECT competition challenges participants in digital forensics, incident response (DFIR), and threat hunting. Designed to replicate real-world security operations, it pushes cybersecurity professionals to investigate multiple parallel attack chains, analyze logs, and apply incident response processes under pressure.

Participants work in a hyper-realistic enterprise environment with Active Directory, servers, and simulated end-users, facing novel, complex attacks. This competition is ideal for experienced security professionals, IT professionals transitioning into cybersecurity, students, and anyone eager to experience real-world security challenges.

It’s not just a competition; it’s a training ground for worst-case scenarios, allowing participants to validate their skills and network with top cybersecurity experts.

How do our AI SOC analysts help human teams?

Our team at Culminate competed with a unique setup: just one SOC L3 incident responder and two engineers with no prior SOC experience, while many other teams fielded full five-person squads. Despite this, our performance in the competition showcased the strength of our AI SOC analysts.

Due to competition rules, we can't share specific details about the questions or techniques used. We recognize that these hyper-realistic scenarios require significant effort to create, and revealing too much would detract from the fairness and enjoyment of future competitions. Instead, we want to focus on our approach and how it translates to real-world environments.

Like all participants, our AI SOC analysts entered the competition with no prior knowledge of the environment or data. However, they excelled by emulating elite analyst skills, investigating on the fly, and performing at the level of top-tier SOC analysts. During the competition, our AI systematically queried tools to triage datasets related to processes, files, registry, network activity, and user identity. This enabled our team to quickly filter out false positives and zero in on real threats.

Our AI SOC analysts also demonstrated their ability to perform advanced threat hunting. For example, when asked to investigate a process, the AI analyst analyzed the entire process tree, including parent, child, and related events. If PowerShell activity was detected, the AI seamlessly integrated the PowerShell logs to continue the investigation.

Investigating lateral movement, often a time-consuming task, was automated and streamlined by our AI, which efficiently connected the dots across the network. Additionally, our AI analysts conducted forensic investigations, delving into shellbags, prefetch files, and other disk artifacts with precision.
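The process-tree pivot described above (walk parents and children of a process, then pull in PowerShell logs for any PowerShell process in that tree) can be illustrated with a small, added example; this is not Culminate's code, and the telemetry records, field names and pids are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample endpoint telemetry (not competition data): process-creation
# events and PowerShell script-block log entries, both keyed by process id.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "user": "corp\\alice"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE",    "user": "corp\\alice"},
    {"pid": 300, "ppid": 200, "image": "powershell.exe", "user": "corp\\alice"},
    {"pid": 400, "ppid": 300, "image": "rundll32.exe",   "user": "corp\\alice"},
    {"pid": 500, "ppid": 100, "image": "notepad.exe",    "user": "corp\\alice"},
]
POWERSHELL_LOGS = [
    {"pid": 300, "script_block": "Start-Process rundll32.exe"},
    {"pid": 900, "script_block": "Get-Service"},  # unrelated process, must not be pulled in
]

def build_tree(events):
    """Index events by pid and build a parent -> children map."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children

def investigate(pid, events, ps_logs):
    """Return ancestors (nearest first), all descendants, and the PowerShell
    logs belonging to any powershell.exe process in the investigated tree."""
    by_pid, children = build_tree(events)
    ancestors, cur = [], by_pid.get(pid)
    while cur and cur["ppid"] in by_pid:      # stop when the parent is unknown
        cur = by_pid[cur["ppid"]]
        ancestors.append(cur["pid"])
    descendants, stack = [], list(children[pid])
    while stack:                              # depth-first over the child map
        c = stack.pop()
        descendants.append(c)
        stack.extend(children[c])
    tree = {pid, *ancestors, *descendants}
    ps_pids = {p for p in tree if by_pid[p]["image"].lower() == "powershell.exe"}
    logs = [log for log in ps_logs if log["pid"] in ps_pids]
    return {"ancestors": ancestors, "descendants": sorted(descendants),
            "powershell_logs": logs}

if __name__ == "__main__":
    # Investigating rundll32.exe surfaces the Word -> PowerShell chain above it
    # and the script block that spawned it.
    print(investigate(400, PROCESS_EVENTS, POWERSHELL_LOGS))
```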

Conclusion

This competition validated our AI's capability to perform in high-pressure, real-world scenarios, proving that our technology is not only competitive but transformative in the cybersecurity landscape.

We extend our heartfelt thanks to the organizers—Eric Capuano, Whitney Champion, LimaCharlie, and DEF CON Blue Team Village—for their dedication to the cybersecurity community. A special thank you to our incredible team, whose hard work and innovation made this achievement possible.

Stay tuned for more updates as we continue to push the boundaries of what’s possible in cybersecurity.

Culminate—Empowering SOCs with the future of AI. Together, we’re transforming the future of cybersecurity. If you are interested in how we are saving tens of thousands of hours for our customers, schedule a demo here.
