Geoff Haydon is the CEO of Continue.
In today’s ever-changing digital landscape, businesses face many challenges in continually strengthening their security. The attack surface extends in all directions: adoption of cloud-based applications has expanded the virtual attack surface, and support for remote workers has expanded the physical attack surface. Internal security teams are overwhelmed by an increasing number of attacks, which generate a continuous deluge of alerts 24/7. This leads to overworked security analysts, incidents slipping through the cracks and a constant state of firefighting. Adding new tools is not the solution; companies are already juggling a variety of disparate tools that are expensive to manage and can even introduce new security vulnerabilities.
Help Net Security reports that SOC teams now receive over 4,000 alerts per day, spending nearly three hours per day manually triaging these alerts. Security analysts are unable to address 67% of daily alerts, 83% of which are false positives and not worth their time. This huge volume of alerts, combined with the pressure of managing threats, is putting a significant strain on internal teams.
A managed security partner can help alleviate some of these daily SecOps burdens. However, many Managed Detection and Response (MDR) and Managed Security Services (MSSP) providers have historically been disconnected from their customers due to a lack of understanding of their customers’ environments and ineffective collaboration models, which lead to a lack of transparency. While this is a challenge, it also presents an opportunity for AI to revolutionize security operations.
AI can transform the managed security industry by improving the relationship between managed security operations solutions and the organizations they serve. By leveraging AI, security operations can become more efficient and effective, significantly reducing the daily pressure on security teams and CISOs. AI can help overcome traditional challenges, delivering a better, more secure future for organizations around the world.
The State of AI in Cybersecurity
At the RSA 2024 conference in San Francisco, I spoke with many cybersecurity leaders who cited the benefits of AI in general terms. But when I asked about their AI use cases, they only dug a level or two deeper, and the benefits were much harder to identify.
The challenge of distinguishing benign positives from true positives has existed for MSSPs for years because it is specific to each client and environment: one customer’s true positive is another customer’s benign positive. That is, alert-triggering behavior in one environment may indicate a real threat, but the same type of behavior may be expected in another environment. Traditionally, MSSPs have struggled to tell the difference and so often escalate benign positives to their customers, wasting their time. By using AI to understand each customer’s specific environment, MSSPs can overcome this challenge and further ease the burden on their customers.
Long-standing managed detection and response (MDR) vendors see AI as a selling point that can improve efficiency. In my experience, these existing platforms do not have the flexibility to properly integrate new uses of AI. Sure, they can add an AI chatbot, which makes customer support easier for your team, but it’s difficult for them to integrate truly powerful AI features beyond that.
The Broken Managed Security Model
For organizations that don’t have the resources to staff a 24/7 SOC, a managed security provider may seem like the silver bullet. These services provide automated, comprehensive protection for diverse environments. However, their one-size-fits-all approach often falls short, leaving organizations vulnerable to security threats.
Much of the SecOps burden falls on in-house cybersecurity professionals struggling to keep pace with the dramatic increase in automated threat detection and false positive reporting. According to a 2022 Tines report, 66% of respondents experience stress at work and 63% say their stress levels are also increasing.
To truly ease the burden on IT and security teams, MSSPs must have a deep understanding of the specific environments they are protecting. While generic automation is useful, it cannot handle the nuances of complex threats, such as distinguishing between benign and malicious activity, without constant adjustment.
The lack of transparency and collaboration further erodes trust in MSSPs. They provide too much data instead of actionable information and make it unclear how they arrive at their conclusions. This generalist approach means they take care of everything, but don’t excel in any area. Additionally, they do not emphasize continued protection and risk mitigation.
But all hope is not lost. It’s about knowing the right questions to ask to ensure an organization can maximize its current investments and truly alleviate SecOps burdens.
The Role of AI in Fixing the Broken MSSP Model
Your existing technology environment is a valuable resource in which a successful partner must already have expertise. For example, if you work in a Microsoft environment and use Defender, your vendor should already have strong expertise in the Microsoft Security suite to maximize the ROI of your current investments.
Additionally, your managed security provider should have a deep understanding of your overall environment (not just your technology, but also your people and internal processes) so they can tailor their service to your needs.
Machine learning has been integrated into many cybersecurity products, such as endpoint detection and response tools, for years to better understand threats for detection. Today, MSSPs are extending these applications by using AI to better understand the environments they protect, in addition to the threats themselves. For example, an MSSP can use AI to understand a customer’s environment so it can quickly distinguish benign positive alerts from true positive alerts.
As MSSPs expand AI applications to more of their services, the need for transparency has never been greater. Traditionally, MSSPs do not explain how they reach their conclusions on behalf of clients. This lack of transparency has often led to a lack of trust between providers and customers. As AI begins to play a role in developing insights and conclusions, it is essential that MSSPs are able to show their work transparently.
The good news is that AI is actually well suited to increasing transparency. For example, AI can be used to quickly and comprehensively summarize incidents for customers. AI assistants and chatbots can also be used to provide real-time answers to customer questions, and can even be designed to explain how they arrived at those answers for complete transparency. By reviewing your MSSP’s use of AI, you can ensure you’re not sold an automated solution that only makes the problem worse.
Finding the Right Managed Security Partner
If one MSSP doesn’t deliver on its promises, another managed security provider can deliver. It’s all about knowing the right questions to ask to ensure an organization can maximize its current investments and truly alleviate SecOps burdens. When evaluating a managed security provider, consider asking the following questions to ensure it can meet your organization’s needs, including leveraging AI to ease the security team’s workload and improve cybersecurity effectiveness:
1. Can you provide specific use cases where AI has significantly improved security outcomes for your customers?
2. How do you adapt your services to meet the specific needs of our environment, including our people, processes and technology?
3. Can you describe your expertise with the security tools and platforms we currently use (e.g. Microsoft Defender)?
4. How does your AI-powered solution handle the high volume of alerts and reduce the manual triage burden for our internal team?
5. What metrics do you use to measure the success of your AI-based security solutions?
6. How do you ensure that your AI-based capabilities actually lighten the workload of our security staff rather than adding to it?
7. How do you ensure transparency of your service operations and the findings/information you generate for us?
By asking these questions, you can better assess a managed security provider’s capabilities and their ability to effectively leverage AI. This ensures they can help you manage your cybersecurity strategy and ease the burden on your security team.
I believe the future of AI in cybersecurity goes far beyond chatbots and GPT integration. By offloading repetitive tasks to AI-driven platforms, security teams can reclaim valuable time and bandwidth, reducing the risk of burnout and allowing practitioners to focus on tasks that require creativity and strategic thinking.
The right managed security provider can help your team save more time, which translates into increased confidence and satisfaction for everyone from your team members to your board. This newfound efficiency enables innovation in ways you never thought possible.