Awards Don’t Defend Networks But Execution Does
Agentic, AI and Cybersecurity
Awards Don’t Defend Networks. Execution Does.
By: Simon Hunt, Chief Product Officer, Securonix
Being named to CRN’s 2026 Security 100 list for the fourth consecutive year is something we’re proud of. It reflects the strength of our partners and the work our teams are doing every day.
But recognition doesn’t stop a breach. It doesn’t reduce investigation time. It doesn’t help an analyst close a case faster at 2:00 a.m.
Security teams, and the partners who support them, are being asked to deliver outcomes, not activity. More alerts processed is a vanity metric if it’s disconnected from actual risk reduction. More data collected has diminishing value if teams can’t process it, normalize it, and turn it into useful signals. What matters is whether threats are found quickly, understood clearly, and contained before they escalate.
At the same time, the environment keeps getting more complex. More cloud. More identities. More endpoints. More noise. Threat techniques are becoming more accessible, and the operational burden on defenders continues to grow.
The gap between what teams need to do and the resources they have isn’t temporary. It’s structural.
Building for Work, Not for Features
From a product perspective, that reality has forced a reset in how we think about innovation. The question isn’t how to add more features. It’s how to reduce SOC workload in ways that are measurable, practical, and trusted.
That is the thinking behind Sam, the AI SOC Analyst. Sam isn’t designed to sit on the sidelines as a passive assistant. It’s designed to take on real work in the SOC: triage, investigation support, correlation across data sources, guided response, and one of the most time-consuming tasks in any SIEM program, optimization.
The goal is to reduce the time between signal and decision, while freeing analysts to focus on the work where human judgment matters most. But that only works if the system is trusted.
Why Guardrails Matter
AI in security can’t operate without boundaries. The stakes are too high, and the industry has too much history with overpromised automation to ignore that lesson. No security leader wants to explain to management, the board, or shareholders that critical decisions were handed over without oversight.
That’s why, with Sam and the underlying AI systems, we’ve focused heavily on guardrails and human-in-the-loop or human-near-the-loop operating models. Every action operates within defined limits. Every recommendation is explainable. Every step can be reviewed.
This isn’t about slowing things down. It’s about making sure speed doesn’t come at the cost of control. At every stage, Sam is intended to make the decision point for analysts clearer and faster, not rushed, and not more complex.
Over time, this model will evolve. Human-in-the-loop will move closer to human-near-the-loop. The checks an experienced analyst would apply will increasingly be built directly into the workflow. AI will bring context. The system will enforce logic. The human will guide and validate at the right moments.
That balance, coupled with earned trust, is what makes automation usable at scale.
Innovation That Shows Up in Outcomes
We’re also rethinking how data supports this model. With our intelligent data ingestion system, DPM Flex, teams aren’t forced to choose between visibility and cost. They can apply data where it matters most, whether that’s real-time analytics, deep investigation, or long-term retention.
Just as important, Flex gives teams the ability to reallocate and tune data flows as needs change, without unnecessary friction. Data can be redirected to make better use of available capacity, instead of being locked into static design decisions.
For partners, that changes how services are delivered: one platform, one entitlement, and the flexibility to adapt without re-architecting or renegotiating.
For analysts, it means less time managing pipelines and more time working actual incidents.
What This Means for the Channel
MSSPs are in a unique position. They aren’t just deploying technology. They’re delivering outcomes across multiple customers, at scale, under tight SLAs, high expectations, and constant margin pressure.
AI-supported SOC analysts can change the economics of that model. With capabilities like Sam, a single analyst can handle more investigation work with greater consistency. With guardrails in place, providers can scale that capability without taking on uncontrolled risk, while still meeting their obligations for explainability, detailed event triage, and measured productivity.
But this also raises the bar on what customers will expect. They’ll want visibility into what AI is doing on their behalf. They’ll expect clear reporting, defensible decisions, and measurable improvement.
That’s where platforms need to support not just execution, but accountability.
Where We Are Focused
- Building systems that do real work with quantifiable productivity gains
- Embedding guardrails that reflect human judgment
- Giving teams the flexibility to operate without friction
- Making outcomes visible and measurable
That’s how we help security operations scale while building trust.
