Microsoft Events hosts a session outlining how to architect the SOC of the future, leveraging Microsoft Sentinel, Defender, and advanced AI-powered security operations.

Blueprint for Building the SOC of the Future

Session Overview

This intermediate session from Microsoft Ignite 2025 dives into the components and strategies for establishing a next-generation Security Operations Center (SOC) built around Microsoft Sentinel and Defender platforms. Attendees will see practical designs and workflows that bring autonomy, adaptability, and integration to security teams.

Key Topics Covered

Mapping Organizational Complexity and Attacker Awareness
- Understand how complex environments challenge traditional SOC approaches.
Building the Organizational Security Graph
- Use graph-powered reasoning to visualize identity relationships and attack surfaces.
Using Agents and Graphs to Identify Attack Paths
- Discover techniques for tracing potential attacker trajectories through your environment.
Hunting and Anomaly Detection with Graph-Based Analysis
- Implement proactive hunting and detect anomalous behavior using graphs.
Unified Identity Inventory
- Centralize identities to improve correlation and detection.
Real-time Attack Detection and Automated Response
- Build workflows for immediate threat detection and automated incident response.
Assistive AI Agents: Copilot and Collaborative Coding
- Leverage AI agents and Copilot for improved analyst efficiency and collaboration.
AI in Enrichment, Automation, and Response Workflows
- Use AI to enhance context, automate repetitive tasks, and drive faster decisions.
Key Lessons Learned
- Speed, continuous AI improvement, and fostering industry collaboration are highlighted as critical success factors.

Additional Resources

Speakers

Gary Berletti
Matt Graham
Raviv Tamir

Who Should Watch

Security architects, SOC engineers, and IT professionals interested in evolving their operational practices using Microsoft cloud security tools and modern AI technologies.