Guven Technology Builds an Agentic SOC with CrowdStrike
Guven Technology provides cybersecurity services for 78 companies across a diverse ecosystem. One such company is Pasha Development, which operates across hospitality, mall management, construction development, and commercial properties throughout Azerbaijan and neighboring countries.
As a customer-facing business in a geopolitically sensitive region, it has faced sustained phishing campaigns and coordinated cyber threats over the past several years.
“We struggled to categorize the threats because there was no connection between our security platforms,” explained Azar Alili, Chief Strategy Officer at Guven Technology.
In 2025, Guven Technology made the decision to consolidate on the CrowdStrike Falcon® platform. By unifying endpoint protection, identity security, SIEM, vulnerability management, and CrowdStrike® Charlotte AI™ on the single lightweight Falcon sensor, the organization began its journey toward agentic SOC transformation across the group.
Fragmentation, False Positives, and Operational Strain
Before consolidating on CrowdStrike, security systems were distributed across multiple vendors, with limited data exchange between platforms. Correlation gaps created high volumes of false positives, and analysts often defaulted to isolating systems when alerts appeared, even when they were later determined to be benign.
An incumbent endpoint solution required significant maintenance and consumed system resources, leading to performance complaints among end users. The security team spent roughly a third of its time running proofs of concept for additional tools to compensate for visibility gaps.
Coverage was also lacking. In particular, IoT and operational technologies, including cameras, sensors, and specialized property systems, weren’t consistently integrated into the broader detection framework — introducing operational risk.
Across group companies, Guven needed to reduce agent overhead, consolidate tooling, and centralize telemetry without disrupting 24/7 operations across geographically distributed environments.
Three-Week Deployment
After selecting CrowdStrike, Guven Technology standardized security operations on the unified Falcon platform, spanning endpoints, identity, vulnerabilities, and SIEM across its managed environment.
Based on implementations of its prior security solutions, the team anticipated a six-month rollout. Instead, automated deployment reduced implementation to three weeks. The rollout required minimal system interruption and allowed business operations to continue as planned.
“There was no need to reboot the system. Everything continued running as expected,” Alili said.
Replacing the legacy endpoint stack with the Falcon platform reduced operational strain while consolidating telemetry. With one sensor collecting data across traditional IT systems, IoT devices, and building technologies, the team gained real-time visibility through a single console.
As visibility expanded, the team identified previously unknown shadow assets and vulnerable subnets that hadn’t surfaced in its legacy tools. Centralized telemetry with CrowdStrike Falcon® Next-Gen SIEM improved correlation across domains and reduced reliance on separate tools for SIEM and analysis.
From the outset, consolidation also enabled Guven to activate Charlotte AI across its environment. With telemetry unified on a single platform, the team began using AI-assisted analysis to support investigations, rule creation, and decision-making — an early step in its broader agentic SOC transformation.
Operational Improvements and Measurable Gains
As the environment stabilized, operational performance improved. Historically, uptime had struggled to exceed 80%. Following consolidation and workflow improvements, uptime increased to approximately 97%.
In addition, false positives declined as correlation improved, reducing unnecessary workload. Instead of isolating systems when alerts appeared, analysts could make more informed decisions.
“In the past, whenever we found an issue, our immediate response was to isolate the system,” Alili said. “Thanks to Charlotte AI, we can identify the appropriate action instead.”
Charlotte AI now plays a consistent role in investigations and phishing response, helping the team act with greater precision and avoid unnecessary service interruptions.
Progressing Toward an Agentic SOC Model
With telemetry unified and repetitive work reduced, Guven Technology has shifted its SOC operating model. Today, Charlotte AI filters and prioritizes signals, bringing a new level of efficiency and consistency to security operations across the group.
“Agentic AI is a filter for us,” Alili said, referring to its role in managing large volumes of data and surfacing the most critical issues.
Rather than expanding headcount to manage alert growth, the organization relies on AI-assisted workflows and centralized visibility to accelerate investigations and free analysts to focus on higher-impact initiatives across its distributed businesses.
From a fragmented security stack with disconnected tools to a unified platform supporting AI-assisted operations, Guven’s agentic SOC transformation demonstrates how consolidating security capabilities can reduce complexity, improve uptime, and defend against modern threats across enterprises.