Brief IA

Cumulo: the UK's Sovereign AI SOC Platform

AI Tools · Tom Levy

Key Takeaways

1. Cumulo, the new SOC platform from e2e-assure, uses AI to anticipate threats before they occur.
2. In response to GCHQ's call, Cumulo provides a sovereign, integrated, AI-driven cyber defence.
3. The platform ensures data sovereignty by using locally hosted AI models and avoiding external dependencies.

Why it matters: Cumulo strengthens the resilience of critical British infrastructure against growing cyber threats.

Full Analysis

A Technological Advancement for British Cybersecurity

e2e-assure has recently launched Cumulo, a SOC (Security Operations Center) platform that stands out for its integration of artificial intelligence (AI) and its emphasis on technological sovereignty. The launch responds directly to GCHQ's announcement of an AI Cyber Shield, an AI-driven defence intended to identify threats and vulnerabilities before they turn into incidents. Cumulo positions itself as a fully British solution, designed and owned locally, echoing the call from GCHQ Director Anne Keast-Butler, who emphasized the need for a national cyber defence incorporating cutting-edge AI capable of operating at machine speed. The platform represents a significant step forward for e2e-assure's SOC services, offering a sovereign alternative to cloud-hosted AI tooling.

Integrated AI Technology for Proactive Defense

AI is at the heart of Cumulo, enabling continuous, contextual analysis of security data and raising detection and response well beyond what a purely manual SOC achieves. The SIEM (Security Information and Event Management) remains the primary point of reference, providing a deterministic record of every event, while AI runs in parallel to enrich the analysis rather than replace that record. Cumulo introduces the concept of a "zero-day SOC", in which intelligence on emerging threats is applied immediately. With predictive modelling and locally hosted AI models, the platform aims for near-instant detection of indicators of compromise while keeping expert human oversight at the core of the decision-making process.

A Human-Centric and AI-Driven Approach

According to Rob Demain, CEO of e2e-assure, Cumulo marks a departure from traditional SOC environments, which are often reactive and dependent on manual processes. Threats now evolve at a pace that human processes struggle to match. Cumulo instead builds a continuous understanding of the data an environment generates while keeping analysts at the centre of decision-making. The platform maintains a digital twin of each client environment, allowing attack simulations to be run safely and risks to be identified proactively. This is particularly important for operational technology (OT) and critical infrastructure environments, where live testing can be risky.

Cumulo uses passive discovery across IT and operational technology (OT) systems to keep the digital twin continuously up to date. Simulated attacks are run against the twin rather than the production systems, so risks can be identified before they are exploited without disturbing the live environment, and the analytical record is preserved intact. This is especially valuable where live testing is impractical or carries unacceptable operational risk.

Data Sovereignty and Technological Independence

Cumulo deploys local large language models (LLMs) in sovereign environments, trained specifically for each organization. This keeps full control of sensitive security data with the client and reduces reliance on external cloud AI services. For critical national infrastructure (CNI), that independence is essential to operational continuity. Rob Demain stresses the importance of resilience for critical infrastructure such as energy, water, and telecommunications: Cumulo is designed so that defensive capabilities remain intact even in times of crisis, with operational knowledge held within client-controlled environments.

Dedicated, client-specific local LLMs are trained on each organization's own environment, enabling precise and contextual reasoning that reflects that client's reality. Because inference takes place within client-controlled infrastructure, organizations retain full sovereignty over sensitive security data and reduce their dependence on external cloud AI services.

A Layered AI Architecture for Enhanced Security

Cumulo adopts a layered AI architecture that separates operational reasoning from broader intelligence capabilities. A local model layer handles environment-specific detection, while a security intelligence layer aggregates data at scale. This split keeps sensitive data protected while still allowing advanced AI capabilities. To cope with the growing volume of security data, Cumulo runs multiple AI models that examine each investigation from different angles. The Cumulo Analyst Helper (CAH) builds an auditable view of each alert, which is validated by an anti-hallucination layer before it reaches a human. Client security experts remain involved throughout the process, concentrating on high-value judgements.

A boundary model layer is used for non-sensitive enrichment tasks and broader analysis. This structure keeps sensitive data contained while allowing more capable models to be used where appropriate, supporting both compliance and performance requirements.
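The two architectural points above, the SIEM as the deterministic record that AI enriches but never overrides, and the layered design in which sensitive fields stay with the local model while only sanitised data reaches a boundary model, can be illustrated in code. The following is an added example written for this article; it is not Cumulo's or e2e-assure's code, and nothing is known about how the CAH or its anti-hallucination layer is actually implemented. All event data, field names, the sensitivity policy, the HMAC key and the function names (`redact_for_boundary`, `validate_summary`) are constructed for the illustration. It shows a keyed pseudonymisation step for events leaving the sovereign environment, and a grounding check that accepts an AI-written investigation summary only when every claim cites events that exist in the record and every named entity appears in the cited events, producing an audit trail either way.

```python
"""Added illustration, not Cumulo's or e2e-assure's code.

Two pieces of the architecture described in the article, in miniature:
  1. redact_for_boundary(): sensitive fields are pseudonymised (keyed HMAC) before an
     event leaves the client-controlled environment for non-sensitive enrichment.
  2. validate_summary(): an AI-written investigation summary is accepted only when
     every claim cites events that exist in the deterministic SIEM record and every
     entity it names appears in those cited events; the result is an audit trail.
All event data, field names and the key below are constructed for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample events standing in for the SIEM's deterministic record.
SIEM_EVENTS = [
    {"id": "evt-1001", "host": "plc-pump-07", "user": "svc_hist", "src_ip": "10.20.4.15",
     "type": "auth_failure", "count": 42},
    {"id": "evt-1002", "host": "plc-pump-07", "user": "svc_hist", "src_ip": "10.20.4.15",
     "type": "auth_success"},
    {"id": "evt-1003", "host": "ws-eng-03", "user": "jdoe", "src_ip": "10.20.9.8",
     "type": "new_service_installed", "service": "updsvc"},
]

# Assumed policy: fields that must never leave the sovereign environment in clear text.
SENSITIVE_FIELDS = {"host", "user", "src_ip"}

# Constructed secret; in practice it would live only inside client-controlled infrastructure.
PSEUDONYM_KEY = b"constructed-local-secret"


def pseudonym(value: str) -> str:
    """Stable keyed pseudonym: equal values map to equal tokens, so a boundary model can
    still correlate events, but it cannot reverse the token without the key."""
    return "p_" + hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def redact_for_boundary(event: dict) -> dict:
    """Copy of an event that is safe to hand to a boundary model for enrichment."""
    return {k: (pseudonym(str(v)) if k in SENSITIVE_FIELDS else v) for k, v in event.items()}


@dataclass
class AuditEntry:
    claim: str
    evidence: list
    verdict: str  # "grounded" or "rejected"
    reason: str


def validate_summary(claims: list, events: list) -> tuple:
    """Grounding check for model output. Returns (accepted, audit): accepted is True only
    if every claim cites existing events and names no entity absent from those events.
    (An entity the record has never seen cannot be caught this way; an invented event id can.)"""
    by_id = {e["id"]: e for e in events}
    known_entities = {str(e[f]) for e in events for f in SENSITIVE_FIELDS if f in e}
    audit = []
    for c in claims:
        text, evidence = c["claim"], list(c.get("evidence", []))
        if not evidence:
            audit.append(AuditEntry(text, evidence, "rejected", "no evidence cited"))
            continue
        unknown = [i for i in evidence if i not in by_id]
        if unknown:
            audit.append(AuditEntry(text, evidence, "rejected", f"unknown event id(s): {unknown}"))
            continue
        cited_values = {str(v) for i in evidence for v in by_id[i].values()}
        ungrounded = sorted(e for e in known_entities if e in text and e not in cited_values)
        if ungrounded:
            audit.append(AuditEntry(text, evidence, "rejected",
                                    f"entities not in cited events: {ungrounded}"))
            continue
        audit.append(AuditEntry(text, evidence, "grounded", "cited events exist and entities match"))
    return all(a.verdict == "grounded" for a in audit), audit


# Constructed model output: two grounded claims, one citing an invented event id, and one
# naming a host that its cited event does not contain.
SAMPLE_CLAIMS = [
    {"claim": "svc_hist failed 42 logins then succeeded on plc-pump-07 from 10.20.4.15",
     "evidence": ["evt-1001", "evt-1002"]},
    {"claim": "jdoe installed service updsvc on ws-eng-03", "evidence": ["evt-1003"]},
    {"claim": "lateral movement from plc-pump-07 to ws-eng-03", "evidence": ["evt-1002", "evt-9999"]},
    {"claim": "jdoe also authenticated to plc-pump-07", "evidence": ["evt-1003"]},
]

if __name__ == "__main__":
    ok, trail = validate_summary(SAMPLE_CLAIMS, SIEM_EVENTS)
    print("summary accepted:", ok)
    for entry in trail:
        print(f"[{entry.verdict}] {entry.claim} <- {entry.evidence}: {entry.reason}")
    print("boundary-safe view:", redact_for_boundary(SIEM_EVENTS[0]))
```

Run as a script, the sample summary is rejected as a whole because two of its four claims fail, and the audit trail records why each one passed or failed; that trail is what a human analyst reviews rather than the raw model text. The pseudonyms are deterministic per value, so a boundary model can still notice that two events involve the same host without learning which host it is.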

A Flexible Product Model to Meet Diverse Needs

Cumulo is offered through a multi-tier product model tailored to different stages of security maturity. The standard tier provides a proactive SOC capability, with AI-driven investigations and autonomous threat hunting. The enterprise tier extends this to a predictive SOC, adding unified monitoring of IT and OT together with digital twin capabilities. In the predictive model, an accurate twin of the environment is tested continuously, so patches can be classified and assessed before a potential attacker strikes. This proactive approach is intended to give the deep operational understanding that complex environments require.

The standard tier includes centralized reporting and compliance dashboards. The enterprise tier adds live compliance dashboards and advanced correlation across environments, giving the deeper operational insight that complex estates require.
