Page 209 - Cyber Defense eMagazine June 2024

more than four weeks to address a single incident. This delay grants malicious actors ample opportunity
            to exploit vulnerabilities, exfiltrate sensitive data, and disrupt operations. The call for redefining security
            operations is echoed by SOC teams, who seek more innovative approaches as they confront the
            limitations of MDR.


            Furthermore, survey responses have uncovered a potential connection between delayed deployment
            times and IT dissatisfaction with MDR performance. Half of respondents surveyed experienced a
            deployment period of four to six months, while an additional 44% faced a seven to twelve-month timeline
            for total deployment of MDR tools.



            How AI Can Support Security Operations

            Just over a third, or 34%, of respondents believed their current MDR solutions were incapable of providing
            a complete picture of their IT environments, a shortcoming that AI and its learning capabilities have the
            potential to address. Designed to continuously learn and understand, AI can get to know the customer’s
            environment, and offer a more comprehensive view of “normal” activity by examining data sources to
            evaluate alerts and incidents.

            Additionally, AI can provide helpful support to security teams that are understaffed, which is a problem
            for more than half, or 57%, of professionals surveyed. For the 32% of respondents who said their MDR
            tools escalated beyond the team’s capabilities, AI tools can be used to perform extra security checks
            more effectively than humans, significantly lowering the number of items that are escalated.
            This can ease the workload for security analysts who are already overwhelmed and cannot spend hours
            sorting, investigating, and responding to all the security alerts they get.

            A significant 70% of respondents indicated that time savings for their Security Operations Center (SOC)
            teams were less than 25% when utilizing current MDR tools. This finding contrasts with the primary
            objective of outsourcing MDR services, which is to alleviate the workload of SOC teams. This is a critical
            gap in the effectiveness of current MDR tools, leaving organizations in a predicament similar to the one
            they faced before they began outsourcing.

            Conversely, the adoption of AI-based security operations presents a promising solution, with the potential
            to automate 80-90% of Level 1 and Level 2 tasks. By handling triage, investigation, and response tasks
            at scale, AI-based systems can significantly reduce the workload on SOC teams, thereby aligning with
            the original intent of outsourcing to MDR services.




            Looking Ahead to AI

            The incorporation of AI into security procedures presents a game-changing prospect for organizations to
            bolster their cybersecurity defenses with remarkable efficiency and efficacy, signifying a notable leap
            forward in combating the escalating complexity of cyber threats. We are in a transformative period in the
            industry where AI-powered systems are poised to redefine the SOC, facilitating a smooth transition
            process for organizations and sparking a profound shift in security tactics.





            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.