SAN FRANCISCO — New research has uncovered a pervasive dissatisfaction with managed detection and response (MDR) systems with a majority of IT security professionals (60%) open to replacing their MDR solution with artificial intelligence (AI). Those were the key takeaways from a recent study by Radiant Security, the pioneers of AI-enhanced security operations solutions.
The survey of 300 U.S.-based IT security professionals was conducted in April by Censuswide and highlights several challenges for MDR users, including that one-third experienced a breach in the past 12 months.
Ineffective MDR Leads to Dissatisfaction and Shifting Perceptions About AI
As cyberthreats like phishing, social engineering, and malware become more sophisticated and increasingly fueled by AI, legacy MDR services appear to struggle with responses. After a breach, an organization’s biggest challenge is the swift identification and remediation of the core issue that led to that breach. However, 44% of MDR users surveyed needed more than four weeks to remediate a single incident. During this time, malicious actors can continue to exploit existing vulnerabilities, steal sensitive data, disrupt operations or cause other problems.
“It’s clear from the recent report and from our internal threat research that existing managed detection and response solutions are ill-equipped to keep up with changes in the threat landscape like the use of adversarial AI,” said Shahar Ben-Hador, CEO and co-founder of Radiant Security. “SOC teams are begging to redefine security operations with a more innovative approach, and we’re delivering AI capabilities where MDR has fallen short.”
The report also uncovered a potential correlation between long deployment times and IT’s dissatisfaction with the overall performance of the MDR solution. Half of the respondents reported a four- to six-month deployment timeline with an additional 44% reporting seven to 12 months to deploy MDR tools. A majority of MDR users (84%) noted their dissatisfaction with the legacy tools occurred within nine months of its purchase.
AI-powered Innovation Can Alleviate SecOps Challenges
Based on the data, use of AI-powered automation could also help respondents with several shortcomings and pain points of MDR, as found in the survey. For example, more than one-third (34%) reported their MDR tool lacked context about their environment. Here, use of AI could provide a much deeper understanding of normal because it continuously learns about the customer’s environment and can use that data to review alerts and incidents.
For the 57% of respondents who reported their teams are not completely staffed, and 32% who said their MDR tool escalated more than their team could handle, AI is able to use the aforementioned context to perform additional checks more thoroughly than humans, and significantly reduce the number of items that are escalated. This can alleviate work for security analysts who are already stretched thin and cannot spend hours triaging, investigating and responding to all the security alerts they receive.
Finally, 70% of respondents reported that time savings for their SOC teams was less than 25% using current MDR tools, which is counter to the goal of outsourcing to MDR services and essentially leaves organizations in the same situation they were before. AI-based security operations can eliminate 80-90% of Level 1 and Level 2 workloads by performing triage, investigation and response tasks at scale.
“We are at an inflection point for AI-driven systems to transform the SOC, making it easier for organizations to embrace and fundamentally shift their security posture,” said Ben-Hador. “There is no question that AI is a game-changer for SOC teams because it can improve context, reduce false positives and powerfully overcome the limitations of traditional MDR tools. AI provides much-needed relief and significant time savings for analysts to ensure their focus remains trained on genuine cyberthreats.”
To learn more about the industry-leading AI-powered SOC co-pilot, visit Radiant Security at booth (ESE#47) during the upcoming RSAC May 6-9, 2024, or visit radiantsecurity.ai.
About Radiant Security
Radiant Security, led by a team of cybersecurity industry veterans who played pivotal roles in the success of companies like Imperva and Exabeam, offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Radiant enables SOCs to harness the power of AI to boost analyst productivity, detect more real attacks, and slash incident response times from days or weeks to minutes. Deployed in minutes via API, Radiant Security provides rapid time to value and immediately reduces analyst workloads by as much as 95%.