From Data Overload to Actionable Intelligence: AI’s Role in Modern Cyber Defense

Presented by Elastic & Carahsoft

For many state and local governments, the cybersecurity challenge is not a lack of data—it’s knowing what to do with it. Massive volumes of information flow through agency systems every day, but without the ability to extract meaningful insights, that data often becomes more of a burden than an asset.

In this segment, Bobby Suber, Senior Manager of Solutions Architecture for SLED at Elastic, explains how artificial intelligence is helping organizations turn that data into a strategic advantage.

Suber describes what many agencies are experiencing as a “data swamp”—years of collecting logs, telemetry, and system information without a clear way to operationalize it. The result is that security teams are inundated with information but struggle to identify what actually matters. AI, when used correctly, can change that dynamic.

The key, according to Suber, is context. Simply feeding large volumes of data into AI models is not enough. Without proper structure and context, the output will be unreliable—“garbage in, garbage out.” Instead, organizations must focus on context engineering, ensuring that data is properly described and aligned with specific use cases.

When done well, this approach allows AI to correlate information across systems, identify patterns, and surface relevant threats much faster than traditional methods. This is particularly valuable in cybersecurity operations, where speed and accuracy are critical. AI can process and analyze data at a scale that humans simply cannot match, enabling faster detection and more informed responses.

However, Suber is clear that AI is not a replacement for human decision-making. Instead, it should augment it. AI can handle the heavy lifting—collecting data, analyzing patterns, and presenting insights—while human analysts make the final decisions. This “human in the loop” model is essential for maintaining trust and ensuring that actions taken are appropriate and effective.

Suber also addresses common concerns around AI, including model manipulation and data integrity. While much attention is often placed on the models themselves, he argues that the real focus should be on the data. Ensuring that data is accurate, relevant, and properly contextualized is the foundation for reliable AI outcomes.

From a framework perspective, Suber suggests that agencies don’t need to reinvent their cybersecurity strategies to accommodate AI. Instead, they should integrate AI into existing models like zero trust. AI can help automate continuous verification processes, reducing the manual effort required and making zero trust more achievable at scale.

Looking ahead, Suber points to the rise of agentic AI—systems capable of taking autonomous action—as the next phase of evolution. These technologies have the potential to dramatically improve response times and operational efficiency, but they also introduce new challenges around trust and oversight. Organizations will need to closely monitor how these systems operate and ensure that safeguards are in place.

Ultimately, the future of cybersecurity will depend on how effectively organizations can harness their data. AI provides the tools to do that—but only for those who take the time to implement it thoughtfully, with the right balance of automation, context, and human control.