Culminate combines human and artificial intelligence for real cybersecurity value

Artificial intelligence is no longer a luxury; it’s a cornerstone of modern IT infrastructure. Now, generative AI is following the path, as more businesses seek new ways to accelerate innovation and efficiency. When leveraged responsibly, these technologies empower organizations to operate faster, make smarter decisions, reduce costs, and increase output. However, despite new AI capabilities coming to market, “the cybersecurity alert investigation process today is largely manual,” says Guo, Co-Founder and CEO of startup Culminate. “Attackers, on the other hand, are leveraging AI.”  

Culminate is a rapidly growing startup helping customers navigate this complex environment through its partnership with AWS. Founded in 2023, in the space of a few years Culminate has assumed a position at the forefront of AI, security, and product development. By participating in the AWS Generative AI Accelerator, leveraging Amazon GuardDuty, and running its workflow on AWS services, Culminate helps customers overcome cybersecurity challenges and stay agile in an ever-evolving landscape.

The startup combined its AI SOC Analyst solution with Amazon GuardDuty’s intelligent threat detection for AWS environments. This enables Security Operations Center (SOC) teams to detect and respond to threats with speed, precision and fewer overheads, better protecting assets and end-users. It’s also enabling businesses to augment and upskill human workforces: “We’ve shown that AI SOC plus human SOC can produce 12 times the output of a human-only team,” says Guo.

Enhancing SOC with intelligent alert investigation

Culminate’s advanced solutions form the technical backbone of its approach, yet the startup places equal emphasis on the human side of cybersecurity. “Our company mission is to produce the best AI workforce for every security team,” says Guo. That mission starts with SOC: the nerve center for cybersecurity defense. “We started with SOC because that's the most urgent and most expensive staffing department for the security team,” explains Guo. Given the high-pressure, resource-intensive nature of SOC teams, addressing their challenges also unlocks broader operational and business value.

This is where Culminate’s passion lies, explains Guo: in “helping the industry to use AI to handle all the initial high pressure, repetitive, and tedious security alert investigations so humans can focus on what's truly important in terms of defending their organization.” Its mission and passion doesn’t end there: “over time, we want to expand and help the other security teams,” adds Guo.

Addressing the weak links in SOC operations

Guo’s background and that of Co-Founder and CTO, Diane Lin, provided an essential grounding in the challenges facing security teams. “What’s time-consuming is always human,” says Lin, referring to her experience in AI threat detection. When using traditional approaches, “you need to spend a day to confirm whether the machine learning (ML) output is correct or not”, a real drain on human resources. Guo agrees: “through my journey in security companies, I’ve seen first-hand that incidents happen not because there's no alert. It's primarily because people don't have time to investigate the alerts, or they don't have the time to do a good enough job to investigate the alert.”

Getting the resources to investigate attacks is also problematic. “Security jobs require a lot of training and experience, and it's very hard for security teams to hire these high-quality candidates in the market these days.”

In addition to time-consuming manual approaches and a skills shortage, SOC teams are tasked with managing a huge number of alerts across complex environments, using multiple tools often limited by legacy capabilities. The startup is solving these challenges for its customers, adopting services and solutions from AWS and demonstrating “the power of AI to really change the game,” says Lin.

A starting point for smarter cybersecurity

Culminate’s solution integrates with Amazon GuardDuty to enhance its AI-driven SOC capabilities. Amazon GuardDuty is a fully managed threat detection service designed to continuously monitor and protect AWS accounts, workloads, and data stored in Amazon S3. It leverages machine learning, anomaly detection, and integrated threat intelligence to identify potential security threats across an AWS environment.

The solution provided a “starting point” says Lin. Culminate’s SOC Analyst connects to Amazon GuardDuty, ingesting its data alongside that from a diverse range of other sources beyond AWS, such as SSO, EDR, SaaS, email, etc., creating a more comprehensive view of potential threats. This enhances the capabilities of both the technology and the teams using it. “We're helping Amazon GuardDuty customers to get more value and reduce the human effort needed to investigate alerts,” explains Guo.

The solution also enables customers to strengthen their cybersecurity defences by learning from customer feedback and adapting its responses through a combination of AI-driven learning and customer-specific configurations and environment. “We call it ‘super intelligent’ in the sense that it will learn from the customer feedback,” says Lin.

The results are impressive. “We're able to reduce investigation time by 75 percent. We're able to reduce false positives by 95 percent and we reduce engineering escalation by 60 percent,” says Guo. Much of this functionality is automatic. “We come in with AI and do the full automatic investigation, which not only tells them what to do, but also does the work for them,” says Lin. “We essentially translate a log, which is hard to understand, to something human and readable.” In doing so, she adds, “we also upscale their team in terms of filling the large knowledge and skills gap for the cloud.”

Culminate’s combination of generative AI innovation with Amazon GuardDuty’s foundation security capabilities is allowing its customers to realize “ten times their throughput with the same amount of headcount,” says Guo. In doing so, the startup is “enabling AWS customers, especially their SOC teams, to do much more with less.”

Leveraging AWS services has also helped the startup itself overcome challenges and be more productive. Utilizing the existing capabilities of Amazon GuardDuty allowed Culminate to “hit the ground running,” says Lin. Furthermore, “all the generative AI and machine learning frameworks on Amazon Bedrock were super helpful for us as an early-stage startup, as we didn’t need to build a lot of those from scratch,” says Guo. Amazon Bedrock offers a range of high-performing foundation models from leading companies, including Anthropic which Culminate has leveraged, all accessible through a single API.

The technical support provided also allowed the team to keep up to date with developments in the generative AI space. “We get the previews of the latest features coming out [on Amazon Bedrock], and on the security side, when Amazon GuardDuty had new alert capabilities we got notified early, before others.”

‘Super-fast’ growth

In addition to technology, Culminate’s collaboration with AWS brought other benefits. “We have accelerated our journey significantly through the help of the AWS Generative AI Accelerator program,” says Guo. This was evidenced by “how fast we got into AWS Marketplace, how many additional customer conversations we had at AWS Reinvent, and all the internal AWS solution architects that we talked to in such a short amount of time.”

AWS Marketplace is a curated digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services. Culminate was able to access this resource “super-fast,” continues Guo. “I believe that in about two to three weeks we had customer transactions going through AWS Marketplace, which has helped us to streamline the sales cycle.” This was significant in accelerating the company’s go to market (GTM) strategy and supporting its startup journey and future trajectory. “We are increasing our head count, hiring sales and marketing, and all the GTM functions, and we have a growing amount of customers that use AWS.”

AWS and Culminate: A winning collaboration

Finally, just as Culminate is utilizing AWS solutions and services to enhance its customer offering, it has also drawn on the ethos and approach of AWS to better serve those customers. “Working with AWS, it strikes me that the customer obsession was so strong in the sense that whether it’s mentors or solution architects, they actually made a connection with us,” says Lin.

Culminate embedded this in its own way of working, and through the AWS Generative AI Accelerator program, it has learned “how to run our company and how to use customer obsession as a core value for our customers.”

The results are evident in Culminate’s rapid growth, the efficacy of its solutions, and the ever-evolving cybersecurity challenges it’s tackling for its customers. The collaboration is a winning one, both literally and metaphorically. Culminate was named as a finalist in the 2024 RSA Launch Pad competition, a prestigious platform that showcases emerging cybersecurity innovators, and scooped an award at DefCon, a premier cybersecurity conference.