BRIDGED Inc. (Headquarters: Chiyoda-ku, Tokyo; CEO: Kotaro Takahashi; hereinafter BRIDGED) announced that today, May 20, it launched 'BRIDGED PURPLE SOC', an AI-driven, integrated attack-and-defense SOC service that combines a 24/7/365 human SOC operated by analysts with cutting-edge AI.

This service combines the technologies of two companies: NSHC Inc. (Headquarters: Seoul, South Korea; CEO: Byung-Kyu Choi), a global offensive research specialist with over 20 years of experience, which provides the AI attack technology 'AI Pentester'; and LogSpect Inc. (Headquarters: Shibuya-ku, Tokyo; CEO: Hisashi Hibino), which develops and provides the log analysis AI agent 'LogEater'.

By combining analysis from an attacker's perspective with SOC operations, the service visualizes the gap between attack (Red) and defense (Blue), leading to continuous improvements in detection logic, monitoring operations, and analysis processes.

Through this service, BRIDGED provides an environment where even companies that find it difficult to build advanced SOC structures independently can engage in continuous monitoring, attack validation, and detection improvement, thereby supporting enhanced defensive capabilities and reduced security risks across the entire supply chain.

Background of Service Development

With the spread of generative AI, attack code generation, vulnerability discovery, and spoofing and impersonation have all become more sophisticated, making cyberattacks faster and harder to detect. These 'stealthy threats', attacks that are hard to notice and identify, are becoming significant business risks for all enterprises.

However, it is difficult to fully capture the signs of constantly changing attacks through traditional 'passive monitoring' or 'annual vulnerability assessments' alone. In particular, the 'gap between attack and defense' caused by the separation of the Red Team (attack) and Blue Team (defense) becomes a weak point easily targeted by attackers.

Going forward, it is crucial to incorporate practical validation concepts such as TLPT (threat-led penetration testing) into daily SOC operations and to continuously improve detection, analysis, and response from an attacker's perspective.

Key Features of 'BRIDGED PURPLE SOC'

Practical Validation via AI (Red Team)

Using NSHC's AI attack technology 'AI Pentester', the service validates companies' public-facing external assets and supply chain risks from an attacker's perspective, starting from external threat information such as dark web and OSINT data. By adopting practical validation that incorporates TLPT concepts, it visualizes attack paths and defensive weaknesses that are difficult to see with conventional vulnerability assessments alone.

Hybrid Monitoring Combining AI and Human SOC (Blue Team)

For real-time detection, Elastic Cloud SIEM is used to collect logs, perform correlation analysis, and raise alerts. In addition, the log analysis AI agent 'LogEater', developed and provided by LogSpect Inc., streamlines long-term analysis of massive log volumes and retrospective investigations. The service continuously tracks signs of dormant or spoofed attacks while limiting the analysis burden on SOC analysts and infrastructure costs.

Attack-Defense Gap Analysis and Continuous Improvement Proposals (Purple Team)

By comparing the weaknesses revealed through the Red Team's attack validation with the Blue Team's monitoring and detection status, the service analyzes the gap between attack and defense. AI extracts missing monitoring rules and improvement points, which SOC analysts then validate to support improvements to detection logic, monitoring operations, and response processes. The result is a Purple Team-style improvement loop that runs from attack validation to detection improvement.

Specific Use Cases

Manufacturing Industry: Visualization of External Risks Hidden in the Supply Chain

AI Pentester validates attack paths that exist outside the company, such as overseas bases, business partners, and suppliers, from an attacker's perspective. Assuming scenarios such as stepping-stone attacks and the exploitation of public-facing external assets, SOC analysts analyze and validate whether the in-house SOC can detect them, and propose the necessary monitoring rules and countermeasures.

Finance and Fintech: Continuous Attack Validation and Long-Term Log Analysis

In response to the advanced security validation required by authorities and industry standards, the service provides a continuous validation process that incorporates TLPT concepts. Using LogEater's long-term storage and analysis of massive log volumes, it also supports retrospective investigations when incidents occur and trace analysis of dormant attacks.

Advanced Monitoring and Improvement Support for Companies Without a Dedicated SOC

For companies that find it difficult to secure advanced security personnel or dedicated SOC structures in-house, the service provides monitoring, analysis, and improvement support combining a 24/7/365 human SOC with AI analysis. It establishes an environment where practical defense improvements incorporating attacker perspectives can be undertaken even with limited resources.

FACT BOX

  • Source: PR TIMES
  • Category: New Product
  • Organizations: NSHC Inc.
  • Products / services: BRIDGED PURPLE SOC / AI Pentester