Global SOC cuts false positives, meets SLAs

A global team with 4 regional SOCs faced rising alert volumes, SLA breaches, and limited automation. Traditional playbooks couldn’t keep pace, and generic AI was dismissed as unreliable. They needed an AI Platform for SOCs that was accurate, consistent, and audit-ready.

PROBLEMS THEY FACED

  • High alert volume, high false positives: analysts overwhelmed with benign alerts.
  • SLA breaches: backlog slowed response to real incidents.
  • Playbook limits: SOAR rules couldn’t adapt to edge cases.
  • Architecture transition: new cloud-native SOC stack introduced scale challenges.

SOLUTION: Arcanna Decision Models

  • Started in Suggest mode – analysts approved/denied AI recommendations, training the model.
  • Initial rollout – reliability and learning performance validated within weeks.
  • 1-year results – expanded scope confirmed sustained accuracy, reduced false positives, and measurable SLA improvements.
  • Seamless SIEM/SOAR integration – worked directly with Google SecOps SOAR, no new stack required.

Competition & Differentiator

Unlike generic GenAI tools dismissed for hallucinations and inconsistency, Arcanna proved:

  • Predictable accuracy - models aligned with analyst judgment.
  • Explainability - decisions backed by evidence and similarity matches.
  • Governance controls - thresholds, human-in-the-loop (HITL) review, and rollback ensured safety.

METRICS & RESULTS (post-acquisition KPIs)

  • 4,546 P1/P2 cases offloaded → potential 1,136 analyst hours saved
  • MTTT reduced → analysts: 18 min, Arcanna: 3 min
  • SLA met → 93.55% (all misses due to SIEM-SOAR delays)
  • Total analyst time saved → 4,185 minutes (83% triage time reduction)

Why It Matters for MSSPs

For MSSPs, every analyst must cover multiple tenants. The ability to triple tenant coverage without extra hires depends on reducing false positives and hitting SLA targets. Arcanna’s models slot into existing SOAR workflows, so SOC leaders can:

  • Serve more clients per analyst without burnout
  • Show auditors and customers proof of control
  • Maintain margins while scaling operations globally

This case study is anonymized, but for qualified MSSPs and enterprise SOCs, we can arrange a direct introduction to the vendor team that ran this deployment.

"We didn’t believe AI could triage alerts without risk; Arcanna proved us wrong. The models are consistent, transparent, and learn from our analysts’ expertise."
- Managing Director, Global Cyber Defense