Managed Detection and Response (MDR) systems, which are a group of proactive security tools and services that are outsourced, have become more popular over the past few years as threats around the world have grown.
MDR systems use both better threat identification and more advanced threat hunting to find hidden threats that might get past regular security measures.
By combining the knowledge of human security experts with automation, MDR promises a quick response to security events that will limit the damage that could happen. But a new study from Radiant Security shows that most security experts are okay with AI solutions taking the place of MDR ones.
A Study Says That “60% Of Professionals Open To End Of MDR.”
Radiant Security, an AI-enhanced security operations solution, recently did a study and found that most IT security workers (60%) are willing to replace their MDR solution with AI.
According to the study, one-third of the businesses that were asked were hacked in the last year. The poll found that traditional MDR services are having a hard time dealing with modern attacks and the damage they cause. This is because attacks like phishing, social engineering, and malware are getting smarter.
The majority of MDR users (44%) said it took more than four weeks to fix a single event. Slow response times to fix problems are a big issue because breaches that aren’t fixed let thieves keep stealing data, shutting down operations, or locking assets for ransomware.
In a press release, Bashar Ben-Hador, CEO and co-founder of Radiant Security, talked about what the study found:
“The new study and our own research on threats make it clear that current managed detection and response solutions aren’t able to keep up with changes in threats, such as the use of adversarial AI.
“SOC teams are starting to change the way security operations are done by using new ideas, and we’re adding AI features where MDR has failed.”
SIOC AI-Powered Innovation: The MDR Change
A new report from Fortune Business Insights on the global market found that the MDR business is still growing. This area was worth $1.56 billion in 2023, and it will be worth a whopping $8.59 billion by 2032, up from $1.89 billion in 2024.
Companies like Blockstream, Innowise Group, and IBM Corporation offer advanced MDR security services to a wide range of industries, from healthcare to e-commerce, government, and more.
AI is already being used in some of these companies’ MDR systems. IBM, for instance, released what they called “the next evolution” of MDR services in October 2023.
The company said that their new MDR can instantly escalate or close up to 85% of alerts thanks to new AI technologies. This will help clients get faster security responses.
IBM was not the only MDR provider to add AI to MDR. This shows that big tech is aware of AI’s benefits and the problems with standard MDR tools. A lot of big companies have released or talked about releasing new AI-powered MDR services or other AI SOC solutions in 2024. These include CrowdStrike’s AI-Native Falcon Xplatform, Lumen Technologies’ advanced MDR, BlackBerry’s CylanceMDR, and Microsoft Copilot Security.
Eighty-four percent of MDR users are unhappy with their old tools just nine months after buying them, and 32 percent say that the MDR tools made things worse than their team could handle. This means that security teams are overworked and can’t spend hours sorting, investigating, and responding to all alerts.
Should AI Be Used Instead Of MDR? What Experts Say
Alert fatigue, false hits, and having too many attackers are some of the things that make MDR hard for security teams.
Techopedia talked to Lisa McStay, who is the Chief Operating Officer at Continuity2, a company that makes tools for business continuity.
“The first thing that stands out is that everyone is unhappy with MDR systems.” The main reason for this change is accuracy, as high false positive rates and inefficient systems are making AI solutions less useful.
McStay said that the report’s claims that AI could handle tasks and cut time spent on them by up to 95% are “potentially inflated.”
“I don’t think it will be that high in real life, but I still expect a huge drop in work (about 50–80%). Could we start a new talk about the best way to spend our time?”
She also said that she thinks using AI instead of MDR is “smart” and “definitely what the future will look like” because of how well it works and how quickly it responds.
“Both get a lot better when AI is used, and they are both necessary for good cybersecurity.” Also, when there is free time, security teams will have to deal with bigger problems. It all comes down to doing better work and being smart about how you spend your money.
“Do not replace, add”
Techopedia talked to cybersecurity and technology consultant Michael Hasse, who said that replacing MDR with AI is not a new idea.
“MDR systems for the Fortune-1000 began to make this change a few years ago.”
Hasse stated, “The catch is that nobody is ‘replacing’ anything. Instead, AI is being added to speed up detection and response, which greatly improves the signal-to-noise ratio for human operators and makes the SOC much more effective.”
Asked whether it was a good idea to replace MDR services with AI, Hasse said that security teams shouldn’t replace them but should instead add to them.
“Right now, EDR-MDR systems with manned SOCs that are open 24 hours a day, seven days a week and AI built in can find and respond to threats in less than one minute, and a human operator can review in less than five minutes.”
Neal Humphrey, VP of Market Strategy at Deepwatch, agreed. Deepwatch is a managed security platform for the cyber resilient business.
“Don’t change it. Yes, add to, move forward, speed up, and offer additional lines of reasoning and analysis.
“Yes, make suggestions, keep the decisions that were made, and help figure out what those decisions meant,” Humphrey said.
“This will make it possible for advanced security models for machine learning, generative AI, and other technologies to show up and improve analysis of the lessons learned from a single organization or from a larger group of organizations facing the same enemy, and for them to communicate effectively through co-pilots and unified AI options.”
The SOC Teams Are At A Turning Point
As AI technologies grow and are used in more security solutions, SOC teams are at a turning point. Cybercriminals are still making trouble, though, even as tools and services get better.
A company called Exabeam uses AI to run security operations. Their CEO, Steve Wilson, told Techopedia that companies that aren’t keeping up with AI in cyber defense are already behind.
Wilson said that security teams that are already busy and short-staffed shouldn’t have to deal with MDR services that “just add noise.” He also said that MDR and AI are still very important.
Wilson said, “AI-driven technologies let us sort through terabytes of data in almost real time and learn to tell the difference between normal and abnormal behavior.” “This means that we only report real threats, which speeds things up and makes them more accurate, which makes security better.”
“AI is the future of cyber defense. If you’re stuck in the past with old tools, you’re writing your own notice of obsolescence.” Change with the times or get left behind in the digital sand.