Cumulo: enhancing cyber defence with AI-First SOC

e2e-assure launches Cumulo, a sovereign AI-driven SOC platform, developing cyber defence capabilities in the UK.

Monday, 29th June 2026, by Katy Hill

Today, SOC-as-a-service provider e2e-assure introduced Cumulo, described as a UK sovereign, AI-first, IT/OT-integrated SOC platform. It is intended to address AI-driven cyber threats and support defence against evolving cyber adversaries.

The platform was developed in response to a national call for improved cyber defence and incorporates AI to enhance threat detection and response capabilities. AI is integrated throughout the system to help maintain context as security data is processed. It represents a move away from traditional, mainly reactive SOC operating models.

A key feature of Cumulo is the “zero-day SOC” capability, which enables the rapid application of threat intelligence as detection rules to help mitigate emerging threats. The platform combines predictive modelling with human oversight, aiming to support faster identification of indicators of compromise while keeping analysts involved in decision-making.

Cumulo also includes a digital twin of an organisation’s IT and OT environments. This passive discovery capability allows for simulated attack scenarios and early risk identification without affecting live systems. This is particularly relevant for critical infrastructure environments where active testing may carry higher risk.

The platform is designed with data sovereignty and operational security in mind. It can deploy organisation-specific local large language models (LLMs) intended to keep sensitive data within the organisation’s environment and reduce reliance on external AI services, which may be important for sectors such as critical national infrastructure (CNI).

It also uses a layered AI approach, including environment-specific detection layers, broader analytical processing, and aggregated intelligence. The aim is to support compliance requirements while maintaining system performance across security operations.

To manage high volumes of security data, Cumulo cross-checks alerts using multiple AI models and includes a component called the Cumulo Analyst Helper (CAH). This is designed to support validation against threat intelligence and reduce incorrect or unverified outputs, assisting security analysts in their workflows.

The platform is offered in multiple versions intended to suit different organisational requirements. The Standard version provides baseline SOC capabilities, while the Enterprise version adds features such as predictive monitoring and expanded compliance functionality.