# How Vodafone Uses n8n to Automate Cybersecurity and Save £2.2M | Webinar with Bounteous ## Метаданные - **Канал:** n8n - **YouTube:** https://www.youtube.com/watch?v=JaY-k8CnM98 - **Дата:** 15.07.2025 - **Длительность:** 44:04 - **Просмотры:** 9,594 ## Описание How do you automate cybersecurity at scale in one of the world’s most targeted industries? In this webinar, Vodafone UK shares how they revolutionized threat detection and response using n8n, saving £2.2 million and more than 5,000 person-days—all while meeting strict Telecom Security Act (TSA) compliance requirements. Joined by experts from n8n and Bounteous, we cover: ✅ Key cybersecurity challenges in the telecom sector ✅ Why Vodafone chose n8n over traditional SOAR tools ✅ How reusable low-code workflows accelerated deployment ✅ Real-world examples including fraud detection ✅ How Vodafone is preparing for AI-powered threat intelligence Learn more about using n8n in a SecOps setting on https://n8n.io/secops/ #n8n #secops #security ## Содержание ### [0:00](https://www.youtube.com/watch?v=JaY-k8CnM98) Segment 1 (00:00 - 05:00) A minute for people to join in and then get started. Okay, let's get started. Thank you everybody for joining our webinar today. Uh our webinar is leveraging automation in cyber security revolution revolutionizing threat intelligence. My name is Gancheli Narang. I'm SVP sales at Bountius and I'll be your moderator for today. Just a quick note before we start the session today will be recorded and the recording will be shared with you. Uh we'll do Q& A at the end. So please feel free to post your questions using the panel and if anybody likes a question, please feel free to upote. We'll try and cover most upvoted questions. Moving on to the speaker introductions. Uh we have an esteemed panel today. Um we have Claire Van Hinsburg from Bodafone 3. Claire heads cyberprevent engineering for Vodafone 3 and she has been focused on driving automation to deliver business outcomes. Uh Vira Ratnalikar Vira is responsible for customer success at N8N. And last but not the least we have Sumit Sasha. Sumit heads the telco practice at Bountius. Welcome Claire Viraj and Sumit. I'm really looking forward to an exciting discussion with three of you. Moving on to the agenda for today. In today's webinar, we'll talk about key cyber security trends in telco. Uh we'll cover Vodafone cyber security objectives and we'll go deeper into how Vodafone NAT and Bountius have come together to transform Vodafone cyber security uh and some of the exceptional outcomes which the three have achieved together. So stay tuned and uh looking forward to some nice questions also towards the end. So just before we start I thought to help put things into perspective right I'll start with a figure from Gartner's research. Gartner claims that uh the average cost of breach in telco has risen to 5. 72 million and with the advent of AI and uh with the rise of uh threats the cy the security strategies need to be top priority for all the organizations. Adding on to that uh telecom sector is the third most vulnerable sector just behind finance and healthcare. So cyber attack frequency and complexity for telco ranks number three and this is only expected to grow. So now that we understand what cyber security how important cyber security is for the telecom sector I'll pass it on to cla. Let's hear it from cla on what are the key problems with vodafones cyber security and how you overcame them on this project. — Over to you. — Thanks Katangeli. Um, as Gatangeli just mentioned, the telco industry is a high priority target for bad actors and adversaries. In the current climate, the political unrest and countries being basically at loggerheads with each other is becoming increasingly important as a nation to protect our infrastructure and our assets such as our communications networks. The government has recognized the importance of this and introduced the telecom sec um security act which we refer to as TSA just for simplicity. um it set out a long list of regulations that we as a network provider such as Vodafone need to adhere to and in this case specifically for logging and monitoring which is the area that I've been specifically interested in for automation. Um we've been doing logging and monitoring obviously for years but with TSA it stipulates that the coverage has to be a lot more comprehensive and extensive. Um therefore telos not just Vodafone but all of us are having to ensure that more assets are not just being logged locally but also stored centrally so that we can add that use that data to identify larger patterns and then retain it for a lot longer. So now we might retain something for 90 days we have to do 13 months. This means that there's going to be more assets, more data, more data types, and therefore that's going to result in more monitoring being required and more alerts being generated. Given that we already process 3 to 5 billion events per month and have thousands of alerts ### [5:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=300s) Segment 2 (05:00 - 10:00) every month, we've already got a really busy sees and engineering team that manage our um security platforms. So the challenges um the manual process um we used in engineering and seesock are time consuming and as we increase logging and monitoring that's going to result in a resource drain. We need to increase resources exponentially unless we work smarter rather than harder. Um so the solution what we came up with is we started looking at saw options. We looked at traditional tools such as IBM resilient and tines and we did proof of concepts in uh with some of those um and although great they could help with the sore issues but they couldn't really address our overall workflow capability and issues. So we looked at other low code no code platforms such as out systems um Mendix even power automate um all of which are great tools but weren't really security focused at the time. So when we found NA10 which did both it provides saw capability and a workflow capability it provided a low code model as well as the ability to code in for more complex workflows and integrations. So it kind of did everything that we wanted all in one tool and it allowed us to create a modular solution. By that I mean you can approach workflow as just do one workflow and do it end to end and then sub workflows and you just do things specifically for that workflow. with NA10, we were able to create modules. So, we broke down our workflows and looked at what we could reuse um and use them not just in our own other workflows, but actually in other teams or in other spaces. So, because basically once you've got an email module, you can use it anywhere. Um the next thing we needed to do was do this quickly. We can't wait around forever. So we looked at partners and we did we went to quite a few different people and we actually selected Bountius as our accelerator and the reason we did that was they listened and they understood what our requirements were. They provided flexibility within what we could and couldn't do as well and they took ownership. So once we'd explained what we wanted and how we kind of wanted it to be done, they took over the discovery. They created the solution. They also manage and the infrastructure for N10 because our engineers were already too busy and they built out the solution that we wanted that gave us that flexibility and reusability. Vira will now demonstrate that to you as he goes over N10's capabilities. — Thanks, Cla. Uh so in a second we'll see the NAN canvas or the UI uh that you'd see is once you log into NAN and start building a workflow. Now in this case we've taken an example uh that uses Cabana and works on resolving tickets more quickly and more efficiently. So each block or node that you see on your screen right now that represents an operation in our flow. You'll see certain blocks are orange with the arrow. Those are the modules that CLA referred to earlier. So these are all, you know, reusable components that can be used across multiple workflows. We talked about modularizing the email um subworkflow. So that's something that we'll dive into in a second. Um and then you can have similar ones for example for upserting database records. Any I guess repeatable operation that has maybe a fixed set of inputs and then a fixed outcome or output as well. Now you also see the curly brackets the yellow uh those are code blocks. Um, now these allow you to write Python or JavaScript and again we'll cover them later. And everything else for example the green loop that the two arrows these are examples of low code blocks in NA10. So these are used in cases where it's quicker just to drop in a no code or low code block than it is to write code from scratch. On the next slide we'll go into a view of the node settings view. So when you click into one of these nodes you'll see on the left you've got your input pane. You can see all the data that's flowing in into that operation. In the middle you've got the setting. Uh so all the green highlights there are actually pulling either environment variables or input data uh that's been passed into that particular node. And then on the right we see the output from that node. Uh right now it's displayed as a table but you could have it as JSON. Uh you could also have it in schema view just to get a feel when you're building for what kind of data or data types there are in this workflow. And you'll see it says view subexecution. So one of the intentional decisions we've taken with NA10 is to have both the data and the operation pretty close together. So if in this case by clicking view sub execution I could see exactly what uh input was passed into that search case subworkflow and see what was processed and what the outcome of the output was as well. Um then I talked a little bit about writing code. So if we dive a little bit into that um you'll see on the next slide that code has been written. uh and in these cases it was deemed that code actually achieved things faster rather than using the built-in low code nodes. You can write code in n10 in either python or in javascript and again importing external libraries and modules is also possible as well. Now in this ### [10:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=600s) Segment 3 (10:00 - 15:00) case what we're seeing is cabana. So as soon as this workflow has started we're seeing that case and cabana being marked as in progress. That's the yellow tag that we saw just earlier. And once it's been marked as in progress one of the next steps in the workflow is sending an email. And that's what we'll see next. So in this case, uh, once the workflow runs, you'll see an email is sent, it's in the inbox, and we've got these two buttons, you know, yes or no, requiring an input or a human in the loop, uh, response from the user that that's been selected as or the right person to surface this uh, suspicious login attempt to. Um and then what we can see is if we click on or if we go to the next slide, we can look at exactly how this uh module or this send email module has worked. And the eagle-eyed amongst you will notice that an obviously has a dark mode as well uh for the hardcore engineers who prefer uh prefer using dark mode as well as light. Now in this flow, we're passing in data. So recipients, the email uh content, the email subject, and then we have a Outlook node at the end that's configured to send an email using that data. You can of course pass through, you know, additional optional data parameters if you need to, whatever you need to get that email sent out. And if you're not using Outlook, you could easily put in a Gmail uh node at the end or even an IMAP node to be able to send from virtually any email service. Nan is built with that flexibility in mind. Everything is drag and drop. So while you can write code or write, you know, JavaScript uh scripting to reference certain properties, you can also just drag and drop from the input view into the output or the into the settings pane as well. And now if we go back to the email, we'll see that once you click that yes or no button, uh that takes you to a form, uh which as you might have guessed is also generated with NA10. I'll just give a second for the slide to change. Um and you'll see once this form opens up uh you'll have you know just a quick comment on the case and once that's submitted the second line of this any workflow is triggered. So this is only triggered uh once that form is submitted and we'll see shortly the data I think there's a bit of lag possibly we'll see the data that u is received by this form and how it flows through and again all we're doing here is once this uh this is marked as a legitimate threat uh it's going to close sorry it's going to update the case in cabano and it's going to add these case comments uh there as well creating the form hosting the form generating the URL all of that is handled uh by an A10 again in this quite low code Okay. Uh, and again with the option to write code to handle that response once it's in. So there we have it. Um, maybe just a quick 10-ft view on an example workflow that's triggered based on cabana cases prompting the relevant subject matter expert by email to check and verify if the alert is legitimate. If it is, as in this case, uh, an email is triggered to the relevant team member and the case can be closed directly from the comfort of one's inbox. This is just one of 30 plus workflows uh that has contributed to Vodafone's cost and time savings so far which CLA will talk about in more detail. But before handing on to CLA uh I'd maybe call upon Summit and say NA10 you know gives you more than the ability just to build workflows. It also handles deployment and monitoring and all of the typical things you might expect when writing when engineering in code. So Summit could you share a bit more please on how bouncy uses NA10 to leverage CI/CD best practice in a low code environment? — Definitely. Thank you Vaj. uh if you could go on the next slide now on top of vira what right he just highlighted it's a usage of the platform and the flexibility that it allows and I would just like to call out some of the key areas you know which helped us in the design and development uh which had been done using environments capability in any uh in fact that enables the entire CI/CD the DevOps life cycle and utilizing environments in Enitin we were able to build develop test and deploy code and applications And this allowed us to you know easily and securely create and update workflows and take them through the life cycle. And uh also as you can see on the screen it's also allowed for version control and log streaming capabilities. Now speaking about workflows you know which we were able to do uh on this program. Our team helped in developing several reusable workflows which added to the repository for Bodapon. And to site some examples, there's one for fraud detection, which essentially is, you know, the ability to provide IPG location and uh fraud detection services to help businesses localize content, enhance security and detect suspicious online activities. I'll take one more example which is around detecting malware blacklistings and security vulnerabilities which basically analyzes the network request and checks for any fishing suspicious redirects and any such of type of cyber security attacks. Now with that let me hand it over to CLA to talk about some of the outcomes and impacts from the program. — Thanks Smit. Um, so since we launched our NA10 capability and our first saw workflows, we only launched our first workflows back in August 2024. Um, so ### [15:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=900s) Segment 4 (15:00 - 20:00) last year, so we've not even been using NA10 for a year yet, um, fully. Um, we've launched 33 workflows and within there we've also launched sub workflows. So, and we have um, more in the pipeline. And now it's not just for logging and monitoring for engineering and saw we're actually looking it for otheri cyber prevent um engineering platforms as well. Um by introducing NA10 we've been able to enhance our monitoring and our checks as Summit mentioned um that would have previously been either impossible or have taken a lot of effort. Um for example um just looking at Summit mentioned the um the saw side but from an engineering side um we're now taking in a huge number of data feeds that basically as part of TSA we have to make sure that they're always feeding um and so we've created a monitor a use case and a workflow that allows us to monitor those um feeds for and let's say there's about 50 of them at the moment um because we have collectors um and they're passing a huge amount of data. Now, when one of those disappears, we need to very quickly identify why it's disappeared. So, the workflow that we've got in place now checks every 5 minutes to see have the feed is the feed still working, is it still running? And if it isn't, it will do basic triage. It'll identify whether it's our fault. Is it, you know, it's on our side or is it on the user side or is there something else going on? Um if it's something that it doesn't recognize, then it will drop to a manual flow. Um but that process would take us quite a long time in you know just even doing the checks would we it take us 10 minutes to do the checks um for one feed. So if you extrapolate that it means we'd never be able to do it every do those checks every 5 minutes and act on them as quickly. So um it's making it so much more proactive and it's allowing us to work smarter like I said rather than harder. um our workflows now don't just support our um saw and our C sock team but they support our on boarding so how we get our data feeds in combined with a portal um they support our engineering both within NA10 itself and within um within Prism and it also helps with our content creation as well as the sort capability and because it's all modular the speed at which we can now generate workflows has you know exponentially increased so before it used We used to have to create all the inter the modules and to be honest the longest part always was the integration with other people. Um that's completely sped up and anything that we've got now we can reuse. So if we need an email module um we need to in integrate with IBM resilient for ticketing or whatever we can literally do it a lot quicker and then it allows us to kind of implement our um our new workflows a lot quicker. So um that's kind of excit you know and everything that we've done is reusable. So not just for us but if anybody else across Vodafone or three want to reuse our capability we can literally give them the architecture we can give and set them up with it very quickly and we can also set up with a base set of modules now as well. So they don't have to do the hard work that we've already done. Reuse is really important when you're using workflow and you need to kind of leverage that. Um, so some figures for you. So implementing a NA10, I've already said we've launched 33 workflows. That's actually saved us since August last year about 5,000 person days, which is crazy. Um, and it's avoided, I'm saying avoided because we probably wouldn't have done it if we had to do it with people, around 2. 2 million so far. And this year we're looking at a continued saving of about 300k a month. So that's a huge difference. and it's just exponentially improved our capability. So, it's a more efficient, it's smarter way of working and it's freeing up our valuable analyst and engineer resources to focus on higher value work. Um, and it enhances Vodafone's ability to protect the UK, our employees and our customers back to I think. — Yeah, thank you Claire. It's really heartening to see what would have entertain and bounty how we have come together and achieved such remarkable outcomes like in less than an year and especially the reuse element of it right because there's so many others who can reuse what has already been implemented and again they could probably see similar savings even in shorter time frame. — So yeah it's a great story. Thank you. And uh um again moving on to the next part of our discussion. Right. Uh I think Cla you need to go on mute. — Sorry. — Yeah. Echos. Uh moving on to next part of our discussion. No conversation these ### [20:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=1200s) Segment 5 (20:00 - 25:00) days is complete without uh us talking about AI. So let's spend some time on AI uh and uh discuss how we plan to embrace AI going forward uh in this partnership. So I'll hand it over to Vira first to speak about what NA10 are doing uh with AI in cyber security. — Thanks. Um, all right. So, this is, I think, quite an exciting one to think about and it's shaped by obviously conversations with Clare and the Vodafone team, uh, but also other security teams that we we've worked with. And I think if there's one thing that virtually everyone agrees on, it's that AI is going to be used by adversaries to increase both the frequency of cyber attacks, but also their quality or their sophistication. Um, I guess that sounds quite doom and gloom. Uh, so maybe to kind of bring things back into some balance. Um, obviously AI plays with both sides. uh so it can also be leveraged by socks and I think one of the ways in which this is going to be very powerful is uh using AI to learn from what's been done in the past and I'll talk more about both these points in a second and then finally just ending on looking ahead I think we're going to come full circle um you know maybe some of you in the audience have played with tools like replet cursor uh lovable and I think thanks to vibe coding uh as well as the workflow components of that with N10 it's going to reduce the cost and time of building with AI so diving into the first of those more frequent attacks with more sophistication. Uh it's obviously now a lot cheaper to launch these attacks. Um and one thing on the next slide you'll see is this isn't some future eventuality. It's happening today. Maybe the best example of this in recent memory is there's a news story of a company I believe in Hong Kong uh where one of the employees was scammed by a deep fake where he jumped onto a video call with some of the seauite with the executives who asked him to transfer quite a sizable amount of money uh to a third party account. Um, obviously LLMs or AI in general is key in building deep fake videos like this. And I think we're going to see this trickle down into fishing into, you know, almost any sort of social engineering type attack where it's now much cheaper to personalize that to the recipient or to the victim that that's being sent to. Um, taking this into a bit more depth. So there's a toolkit that Enthropic have put together called Incomo. You'll see a rough sketch there in beige. Um so LMS have shown some early promise in completing CTF style challenges. Uh there's limited evidence right now. So you know I wouldn't kind of say this is happening today to this extent. There's limited evidence that AI can successfully execute real world cyber attacks end to end. uh but looking at this toolkit uh researchers were able to to specify high level uh actions to an LM for example infecting a host or scanning a network and then these actions were converted by the AI agent uh you know part of the workflow into lower level primitives so for example executing commands to exploit certain tools uh and again the agent tool architecture is really key to doing this and that you could build with an A10 or a number of tools in the market now in the vast majority of these attacks that were simulated by researchers is this toolkit achieved at least some of the attack goals and I think that is in 90% plus of cases. So really now starting to show signs of you know I guess going towards that world where endto-end attacks can be exceeded by a series of AI agents working in collaboration. Um, I think we're still unclear exactly when that first attack might happen or how long it might be that might take, but I think it's quite telling that malware bites named Agentic AI as probably one of the most notable new security threats in its 2025 state of malware report and thinks we could be living in a world of agent attackers as soon as this year. So, what do you do as a sock to keep up? Now, on the next slide, I argue that um socks will have to leverage AI in order to keep up and especially to defend against uh AIdriven attacks. So currently we're seeing AI I think being used you know more as a co-pilot to perhaps there's some sort of chat interface uh making human analysts more efficient and enabling them to spend more time asking questions and less time answering them. Um what we'll move to I think is a scenario where AI partially becomes a sock analyst or handles large parts of what would have typically been the analyst's role uh especially within something like incident response. So we have here a workflow. Uh it's based with a an AI agent. Uh we called it MITER agent. Um and it's feeding in. So one of its tools is a vector store with a lot of the MITER TCPs vectorized and stored there. And what this workflow does is it takes zero tickets uh and using the LLM it identifies you know what are the relevant TCPs here both to categorize the attack based on the ticket data but also to suggest to the uh analyst what the next step might be. So you essentially have the situation where there's a customized playbook for every you know every single attack that's ready to roll that either the analyst can just you know check trigger or in some cases parts of it may already have triggered for example to enrich some of the ticket data. Um and I think one way to extend this is to teach AI what's what you know what's ### [25:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=1500s) Segment 6 (25:00 - 30:00) been done in the past both successfully and unsuccessfully so that you can adapt these playbooks every single time you face a similar attack. So that's I guess the next step we'll be looking to take this would be then to add uh a vector store of past cases and you know what those TDPs weren't and how they were solved or in some cases what didn't work or not to try that again and then taking this one step forward um I think Philip who some of you might know is quite an active voice in the cyber security world shared this opinion a few days ago which I think really captures you know what I think things will the future will look like very well. uh there was a time maybe 10-15 years ago where a lot of sock tools were handbuilt because of custom needs. Uh but it took engineers several days or you know several weeks or months perhaps in small teams to build these tools. Now as the frequency and the sophistication of attacks grow I think companies will once again in-house the building of their AI tool of their security tools rather than buying directly off the market. Um I talked about vibe coding earlier. Uh it does lower the barrier to stop building tooling. Um and I think one of the you know I think it's almost inevitable that some variation of it is adopted by socks. Perhaps there'll be challenges for sure. Uh so for example making sure the tools in themselves are secure is going to be a challenge. That's one of the current drawbacks. But I think in a world in which it takes an engineer just one day or two days to build a customized tool no longer needs a team. It's hard enough to see a future in which this is at least part of the AI future. Now bringing all this together uh I think CLA will run through the road map for Vodafone talking about what the next steps are in the immediate future but then going on into this uh AI powered world that we foresee. Over to you Cla. — Thank you. Um so yeah what's next for Vodafone? So we're going to continue to enhance our existing workflows. So as I alluded to earlier we work in an agile way and we done this very iteratively. So we haven't just done the whole thing um where it's all automated and everything's singing and dancing in one go. What we're doing is we're gradually building up the capability as we build trust in the different parts of the workflow. We're then adding to it. So you know this was a whole new scary world for our sock team and for engineers. It was how do we make it so that it's less kind of intrusive. Um, so we're going to continue to enhance the existing workflows that we've got and hopefully get more benefits from those, moving all the way through to actually remediation because at the moment we're more in the identification, triage, alerting, that kind of side. Um, we're also looking at new seam workflows, but we're also not just looking at the seam workflows. Um, we're actually looking at workflows across cyber prevent. There's lots of areas that could benefit from um engineering automation or from other kind of saw capability but not quite the same similar but slightly different. So um we'll be extending the platform. That also means we're going to need an additional instance. So we will be setting up one that's outside of our own workspace um which we host currently in the cloud. So is a cloud-based solution but it's our own cloud. Um I believe we can get capability if we wanted to from NA10 as well and host it in theirs but um right now we're um we're own hosted we're also looking at potentially hosting it on prem. So um there's lots of options around that what we're looking at and then probably a little bit more exciting is how do we adopt the AI capability that VJ has just been mentioning. So we want to use it utilize AI to our advantage whether that's either from the you the kind of the tooling that's in NA10 or integrating NA10 with our own LLM um to automate our existing playbooks for example and integrating into our automation frameworks. So there's loads of stuff that we need want to do and it's going to be a very busy year for the team. Um Summit would you like to just recap the key call outs and learnings that we've had? Sure, definitely. Thank you, Claire. Uh, moving on to the next slide. Uh, so Claire, thank you. Uh, I think it's been a fantastic experience, you know, working together with Vodafone and Enitton in this program and I know there's a lot more to do. uh just wanted to share some of the key learnings uh that we've had from the program and uh of course it's been a great collaboration across teams and organization as I was just saying across Vodafone cyber security team uh with bounty as uh the integration partner and bringing in some domain experience and then Niten with the core platform which has enabled uh the entire journey for us uh and we've all been working together across different departments roles and different skill levels and one of the key learning and which is also I believe one of the core strength of Niten is the ability to enable co-creation between business and technical teams. uh with Nitan's intuitive interface and modeler capabilities we saw nontechnical users ### [30:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=1800s) Segment 7 (30:00 - 35:00) also participate in workflow designs while technical teams had options to go much deeper wherever needed and uh also as a team we were able to you know reinforce or bring to light the strength of modeler workflow design which helped us to simplify maintenance uh and rapidly iterate and ensure consistency across complex workflows and this has been a huge enabler for us for scaling And uh finally our biggest learning was the automation work done on real world cyber security uh you know uh areas and challenges across thread detection uh responses and which gave us a lot of practical insights both on the power of automation uh enabled by any and its limitations uh which we are addressing as you know something specific which can be done with the evolving world and the new challenges. With this I would uh hand over back to Gitanti. Thank you. Thank you Summed. Thanks Claire and Virj. I hope the audience has found the session very useful. Uh so we'll move on to Q& A. Uh before we start the questions, there's a few of you who have asked for contact details. So while we do the Q& A, this slide will stay on the screen. Please feel free to reach out to any of us in case you have any further questions or you would want to have a further conversation. Uh so right moving on to Q& A cla the first one is for you. How has wood's implementation of SAR platforms transformed your response approach and how quickly you respond? — It it's definitely increased our responsiveness. So basically um alerting was it's kind of you pick it up as you go depending on severity and everything. Now we're actually picking things up so automatically. So for certain use cases we will literally it'll just go through the saw. It'll do the initial investigation triage see if it's really a problem because a lot of what we do is actually finding out is this actually a problem or not. So it's meant that those that our team even though we've increased our assets over the last two years by about 50%. And that's a lot of assets by the way. Um and that therefore has exponentially increased our alerting. Um it means that we haven't had to increase our saw team um sorry our sock team. Um and it means that we're still handling the same you know more alerts quicker, easier, simpler. Um and it also means that from an engineering perspective which slightly different. um it means that we're now picking up on drop feeds much more proactively whereas previously it was very reactive. So we notice maybe a little bit late that they disappeared whereas now it's much more proactive. So um also just to kind of point out I mentioned that we'd saved 5,000 person days previously. Um over about 3,000 of those are related to sock use cases. So that's a lot. We'd have needed a very big team to be able to do the checks and balances that we've been doing with NA10. Hope that answers your question. — Yep. Thank you Claire. — No worries. — And I see a lot of interest in NAT. So the next one has to be for Vira. Vira, what other use cases do you have in where NAT have significantly improved cyber security measures within a large enterprise? — All right. Um I think where to start is the question on this one. um quite a few areas. So I guess instant response is always a big one. Um there's a little bit around the thread intel the tip side of things. Uh but I think some of the maybe the second or one of the key workflows that we see a lot of companies using in the space is around fishing. Um and the way that works is with NAN you set up an inbox fishing attempt at companyame. com. uh all the employees can forward emails to that address and when the N8 workflow when it receives an email on that address it triggers a set of actions and that can be carrying out a virus total scan it could be uh sandboxing any malicious files checking for IPs against you know known uh databases of malicious IPs that sort of thing uh and can very quickly give a you know take action and give a quick response to the user saying yep 20% chance this is fishing you're probably good or hey this is almost certainly fishing and you know take actions for example locking out accounts escalating to managers and so on. And I guess AI is being used more and more in these sort of workflows where maybe the email content is being passed by an LLM that has examples of you know fishing attempts to add a further layer of accuracy or certainty when these sort of decisions are made. I hope that gives a flavor of some of the other directions in which any being used. — Thank you V. — I think I'm sure you'll have lots of follow-up questions. Uh so we'll take one more question. Uh ### [35:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=2100s) Segment 8 (35:00 - 40:00) with AI rapidly gaining traction, what are the primary obstacles telecom companies face in scaling AI integrations and how can they overcome the lack of in-house AI expertise? Car, I'll pass this one over to you. — I think this is a great question. I'm sure some will want to chip in on this one as well, but um I don't think AI adoption and skills is actually a problem. I think people are really keen to adopt AI. I mean, look at everybody. You go to conferences and stuff and everybody's talking about AI. Everybody's building some form of AI into their tools. Um, so I think actually it's nice. It's a shiny thing to learn about. Everybody's keen to do it. So I don't think skills and adoption are necessarily a challenge. I think people will want to pick up those skills and then leverage the capability and the tools that they already have when they bring out AI. I know I'm keen on looking at the um AI capability in NA10. I think the real problem we have is how we protect against our adversaries um as the threats that um are becoming more intelligent. So VJ already mentioned like um the bank uh which is a pretty well-known example um but they lost 25 million. I mean, how do you protect against deep fake video calls that are then combined with advanced linguistics and also emails as well? So, which effectively fishing emails, but they, you know, they're using the same domains. They're using all this intelligent stuff and they're bringing all of these different threats or these different tools together to actually attack us. So, you know, and they make a really convincing story. So, um, social engineering, I think, is like a sweet spot for AI right now. And we need, they're getting better at mimicking our human behaviors. So, we need to kind of figure out how we use AI to our advantage to combat that. So, I think it's more about how do we use AI to our advantage rather than the adoption, the skills. It's like leveraging the tools that are available. Um, also AI is kind of it's making everybody, you know, hacking accessible to everyone. So, as long as you've got a dodgy LLM without any filters, you know, like the ones we use in work and everything have some kind of moral code and standards. Um, although if you ask the right questions, you can get around those. Um, you know, it's making things easier, more accessible to bad people. So, we need to figure out how we leverage AI in the same way to be able to combat that, whether that's understanding how they're mimicking um humans, how they leveraging AI um for threats. Um and we need to do that. And that could be through training, it could be through um tooling, loads of different ways. So, yeah, for me, we've got a bigger problem than skill shortage. I think we need to focus on how we protect against it. Summit, what do you think? — Yeah, thank you, Claire. Uh and I agree uh because being on the SI side uh we see tons of examples like these. We know that uh using AI is a new norm and everybody's using AI for almost everything. We using it for development. We are using it for operations. We using it for you know uh for for looking at our traffic building applications and everything. So and it's becoming easier and easier. There's a lot of abstraction in you know knowing something being able to develop something. So to your point cla I think it's uh the scale will not be a challenge. The challenge would be how do you make sure the right data is getting you know controlled uh it's not getting exposed. How do we make sure uh of course using AI for building security applications but then security against AI or for AI as well right how do we make sure there's security who's controlling all of this. So that's going to be the focus and that's the next challenge that we would also love to work on. You're on mute. — All right. Thank you so much and cla for the answer and a very different perspective to it also. While AI is here to make things faster, it is here to add more work as well for all of us. Uh so the next one is for from Chris. Uh this one is again for Vira. Vira, is it possible that you share your NA10 flow JSON code maybe? Uh happy to. Yeah. So I guess not for the Vodafone ones unless CL CL wants to shed but we have lots of templates. Um actually if you go to I thought so uh but fear not we have anonymized you know workflows for cyber security it's one of our top categories. If you go to n10. ioworkflows you'll have templates and Chris if you have anything specific uh shoot me a message afterwards and I'll see if we can get something made for you or if something might exist off the shelf. — Thank you. Uh all right. Uh this I think we probably answered this one over the various questions but this one is hi cla what ### [40:00](https://www.youtube.com/watch?v=JaY-k8CnM98&t=2400s) Segment 9 (40:00 - 44:00) other use cases have you applied n2 to what other AI capabilities are uh will you be exploring beyond sock and engineering? Um so I'm not sure what you mean by what other AI capabilities will we be exploring beyond sock and engineering but from um an NATM perspective we'll be looking at we're not just doing the sock and the engineering side we're actually using it for a lot of our on boarding capability to integrate with our demand processes um on boarding um so I don't know if you guys are ever involved in onboarding anything to any system or platform um especially a seam platform and cyber arc and that kind of stuff it takes quite a lot of effort. So we're actually using that to kind of manage our demand. So demand coming in from people to be able to automate things trigger different processes um to trigger other automation tools. So it kind of goes a little bit wider than just saw and basic engineering. Um, we're using it actually as a as part of the experience for our users and the people that have to engage with us for self-service as well. Um, AI capabilities. The big one that we're really looking for with AI is kind of like patterns. Um, but also we're looking for um we're also looking for ways that we can integrate with the LLM to help our advisers kind of understand things better or do things in a different way or spot things that they wouldn't normally have spotted because you know a computer can do a lot more than a sometimes than a human can. Um, we're also looking at using AI for I think Vira mentioned this as well is the playbook side. So as we get more information we can well initially create the playbooks automatically but then we can actually enhance them like real time so we don't have to have our advisers and our analysts going in all the time to kind of make those updates and changes um so we have the latest information and the other areas around threat intelligence as well. So we obviously have threat um threat um platforms that basically take plat uh threats from all different areas. AI could help us to identify what's kind of pertinent to ourselves. So, you know, um yeah, those kind of things. But yeah, I can't really necessarily share my use cases because they're a bit secret. So, um I'll have to avoid that one, I'm afraid. Gangeli. — Yes. Yes, absolutely. Thank you, Claire. I think we have time for one last question. Uh again, another one for Vira. V any plans for zero knowledge proof processing nodes for NA10? — So zero knowledge proof proc I'm guessing this is when you don't want the NA10 workflow build to see certain um I guess to see what's inside what the inputs are to the workflow. Is that correct? Is there any more information or should we assume that that's what the question means? — That's the information. Uh Tara Powell uh in case you have any more details you can probably add that to the question. So — or you can just answer V. — Yeah, I'll give it a quick stab and you know happy to connect afterwards if the question is slightly different. Um we have had this request so customers do want ways to you know obiscate uh private data from within the NA10 and input output bundles. Uh it's something we're looking at. I wouldn't say that we have a fixed date uh for it but it's a request that we have had before and you know we'll be putting it in our mix of prioritizations uh for the next couple of courses. — Thanks very much. Thank you everybody for staying on and uh thank you for hearing us. Uh we hope you enjoyed and you found the session useful. Please feel free to reach out to either of us if you have any further question. Thank you. Thanks Claire Sumit and Vira. --- *Источник: https://ekstraktznaniy.ru/video/15335*