AI Can Bridge the Gap of Ineffective MDR Tools

By Orion Cassetto, Head of Marketing, Radiant Security

Last year, nearly one-third of organizations suffered breaches, prompting security professionals to reevaluate the performance of their existing managed detection and response (MDR) solutions, especially as cyberthreats advance in scale, scope and sophistication. A recent survey of 300 IT security experts by Radiant Security showed a widespread dissatisfaction with current MDR tools, and that 60% of respondents are turning to AI tools to ease the pressure caused by ineffective MDR solutions.

AI Becomes More Appealing as MDR Falls Short

A pronounced rise in phishing and social engineering cyberthreats, as well as AI-powered malware, has strained traditional MDR services. The necessity of swift identification and remediation post-breach is paramount for business continuity and resiliency, yet a staggering 44% of MDR users report needing more than four weeks to address a single incident. This delay grants malicious actors ample opportunity to exploit vulnerabilities, exfiltrate sensitive data, and disrupt operations. The call for redefining security operations is echoed by SOC teams, who seek more innovative approaches as they confront the limitations of MDR.

Furthermore, survey responses have uncovered a potential connection between delayed deployment times and IT dissatisfaction with MDR performance. Half of respondents surveyed experienced a deployment period of four to six months, while an additional 44% faced a seven to twelve-month timeline for total deployment of MDR tools.

How AI Can Support Security Operations

Just over a third, or 34%, of respondents believed their current MDR solutions were incapable of providing a complete picture of their IT environments, a shortcoming that AI and its learning capabilities have the potential to address. Designed to continuously learn and understand, AI can get to know the customer’s environment, and offer a more comprehensive view of “normal” activity by examining data sources to evaluate alerts and incidents.

Additionally, AI can provide helpful support to security teams that are understaffed, which is a problem for more than half, or 57% of professionals surveyed. For the 32% of respondents who said their MDR tools escalated beyond the team’s capabilities, AI tools can be used to perform extra security checks more effectively than humans, therefore significantly lowering the number of items that are escalated. This can ease the workload for security analysts who are already overwhelmed and cannot spend hours sorting, investigating and responding to all the security alerts they get.

A significant 70% of respondents indicated that time savings for their Security Operations Center (SOC) teams were less than 25% when utilizing current MDR tools. This finding contrasts with the primary objective of outsourcing MDR services, which is to alleviate the workload of SOC teams. This is a critical gap in the effectiveness of current MDR tools, leaving organizations in a similar predicament that before they began outsourcing.

Conversely, the adoption of AI-based security operations presents a promising solution, with the potential to automate 80-90% of Level 1 and Level 2 tasks. By handling triage, investigation, and response tasks at scale, AI-based systems can significantly reduce the workload on SOC teams, thereby aligning with the original intent of outsourcing to MDR services.

Looking Ahead to AI

The incorporation of AI into security procedures presents a game-changing prospect for organizations to bolster their cybersecurity defenses with remarkable efficiency and efficacy, signifying a notable leap forward in combating the escalating complexity of cyber threats. We are in a transformative period in the industry where AI-powered systems are poised to redefine the SOC, facilitating a smooth transition process for organizations and sparking a profound shift in security tactics.

These AI mechanisms are revolutionizing the function of SOC teams by offering an improved contextual comprehension, reducing false positives, and effectively overcoming the constraints associated with conventional MDR tools. By providing much-needed respite and significant time savings, AI enables analysts to concentrate their skills on genuine cyber threats. This critical transition towards AI-led security operations marks a significant milestone in cybersecurity, signaling a future of heightened resilience and efficiency in safeguarding against the continuously changing spectrum of digital threats.

About the Author

Orion Cassetto, the Head of Marketing for Radiant Security. I have over 15 years of experience leading marketing and GTM efforts at successful cyber security companies. Prior to Radiant Security, my roles included VP of Product Marketing at Cycode, Sr. Dir. of PMM at Exabeam, and Dir. of PMM at Imperva.

Orion can be reached online at our company website https://radiantsecurity.ai/company/