
How autonomous defense and remediation stands up to AI cyber threats


COMMENTARY: The profound speed and scale of AI-driven cyberattacks have put existential pressure on organizations at multiple levels – especially their managed detection and response (MDR) teams.

With AI-enabled incidents increasing by 89% annually, nearly one-half of global IT and cybersecurity decision-makers admit that they cannot detect or respond as quickly as the strikes execute. At the same time, 85% of security teams say traditional detection methods have not kept pace with modern threats.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

More than a decade ago, MDR outsourcing companies emerged as a lifeline for triage needs and resource-strapped defense teams. But AI has swiftly redefined the landscape. Chief information security officers (CISOs) now focus less on the size of their teams and more on the slow responses of manual human investigations, and how the staggering volume of alerts has crushed their analytics efforts.

As a result, three-quarters of organizations are changing cyber team sizes and roles due to AI, with security operations center (SOC) personnel and analysts leading staffing reductions, followed by threat intelligence analysts and incident responders.

In recent news, cybersecurity vendor Arctic Wolf announced it was laying off 250 workers as it positions the company to boost AI investment through its superintelligence platform and agentic security operations center. In addition, Cisco will cut nearly 4,000 jobs as it shifts toward AI, with security among the tech categories impacted.

The upshot: Human-dependent response simply cannot match dark-AI-powered adversaries moving at machine speed. MDR was built for a pre-AI world of alert triage. It’s labor-heavy, built around SOC analysts, security information and event management (SIEM), and network monitoring. But the environment has changed more rapidly than MDR has evolved, even with providers’ home-grown AI tools meant to help their margins, and automated attacks leave thinly spread teams to assume breaches are happening and that “good enough” resolution will suffice.

It’s the fundamental flaw of triage-centric strategies and operations – they view triage as an acceptable compromise instead of a sign of a deeply flawed defense. At a time when exploits hit organizations fast and furiously and from every conceivable angle, traditional MDR models and capabilities represent potentially crippling deficits.

ADR brings machine-speed remediation

So how should CISOs and other executive leaders respond? By investing in autonomous systems that detect, hunt, reason, and remediate at machine speed and scale, with strong governance so the human factor is always in play. In the process, these leaders will shift workloads among their employees rather than eliminate them.

Here's where autonomous defense and remediation (ADR) steps in, removing the need for human-dependent triage by autonomously hunting every detection across all affected assets, and fixing problems in minutes as opposed to hours or days.

With ADR combining machine-speed remediation at scale with strict, people-directed governance controls, SOC teams can automatically fix or protect low-risk assets, while reviewing and approving the isolation, restart or patching of high-value systems.
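The governance split described above, as an added illustration that is not part of the column or any vendor's product: a remediation gate that executes actions on low-risk assets immediately, queues isolation, restart and patching of high-value systems for a named human approver, and records every decision for reporting. The asset inventory, the protective action set and the detections are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed asset inventory: which hosts count as high-value systems.
HIGH_VALUE = {"dc-01", "pay-db-02"}
# The column names isolating, restarting and patching as the actions that need
# sign-off on high-value systems; the protective set is an assumed example.
DISRUPTIVE = {"isolate", "restart", "patch"}
PROTECTIVE = {"block_hash", "quarantine_file", "kill_process"}

@dataclass
class Detection:
    asset: str
    action: str

@dataclass
class RemediationGate:
    pending: list = field(default_factory=list)  # awaiting a human approver
    audit: list = field(default_factory=list)    # every decision, for reporting

    def decide(self, d: Detection) -> str:
        # Returns 'auto', 'approval' or 'rejected' and records the decision.
        if d.action not in DISRUPTIVE | PROTECTIVE:
            verdict = "rejected"  # unknown action never runs unattended
        elif d.asset not in HIGH_VALUE or d.action in PROTECTIVE:
            verdict = "auto"      # low-risk asset or non-disruptive fix
        else:
            verdict = "approval"  # disruptive change on a high-value system
            self.pending.append(d)
        self.audit.append((d.asset, d.action, verdict, None))
        return verdict

    def approve(self, asset: str, approver: str) -> bool:
        # A named person releases one queued disruptive action.
        for d in self.pending:
            if d.asset == asset:
                self.pending.remove(d)
                self.audit.append((d.asset, d.action, "executed", approver))
                return True
        return False

def run_sample() -> dict:
    gate = RemediationGate()
    sample = [  # constructed detections, not real telemetry
        Detection("lab-vm-07", "isolate"),
        Detection("dc-01", "isolate"),
        Detection("dc-01", "kill_process"),
        Detection("pay-db-02", "wipe_disk"),
    ]
    verdicts = [gate.decide(d) for d in sample]
    released = gate.approve("dc-01", "oncall-analyst")
    return {"verdicts": verdicts, "released": released, "pending": len(gate.pending), "audit": len(gate.audit)}
```

The audit trail is what lets a team report on autonomous actions after the fact; the approval queue is where the "human factor" the column insists on actually lives.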

Ultimately, ADR promises to let teams eliminate adversarial activity with no human intervention, because ADR tools do all of the processing, detecting, hunting, isolating, remediating and reporting. This means teams get to focus on preventing instead of recovering, while commanding full control over autonomous security operations. Thus, they reduce work, accelerate mean time to hunt, isolate and fully remediate, and lower operational costs.

“The true power of AI lies not in replacing humans,” according to AI pioneer Sebastian Thrun, “but in working alongside us to achieve what neither can do alone.”

It’s true now more than ever, as organizations increasingly recognize that human-guided autonomous systems likely remain our only viable defense against AI-powered cyber assaults. Moving forward, we need to respond at machine speed to counter the machines – to swarm, defend and remediate as quickly as possible, without a human in the loop.

Adversaries are launching relentless attacks to wear down today’s SOC with endless alerts. With ADR, security teams can deploy AI in hours as a true force multiplier for cyber defense operations, instead of getting overwhelmed by manual, triage-focused duties. That’s when autonomous systems emerge as a true partner, as opposed to an existential threat.

Curt Aubley, chief executive officer, Sevii

