
Lessons learned from The Mandalorian and Grogu


COMMENTARY: Even though the Star Wars universe was set “a long time ago in a galaxy far, far away,” we could view the most recent film, The Mandalorian and Grogu, as a parable for securing the modern enterprise.

The New Republic represents the sprawling enterprise network of today, spanning information technology (IT), operational technology (OT), internet of things (IoT), cloud, and now artificial intelligence (AI). The Fallen Empire is clearly the legacy environment. The Imperial Warlords that remain after the Empire has fallen are the hidden threats persisting in the dark corners.


The Mandalorian is the hardened defense-in-depth security stack, and Grogu represents the powerful AI agent we are still learning to trust.

The Mandalorian doesn’t wait for warlords to reveal themselves. He hunts. Modern security teams have to do the same. Now let’s look more closely at what cybersecurity professionals can learn from the latest Star Wars film.

Establishing shots: A fragile New Republic

The Mandalorian and Grogu demonstrates that the more things change, the more they stay the same. The Empire has fallen, but threats persist. The New Republic runs as a structurally decentralized enterprise, which creates visibility gaps that its adversaries exploit.

In enterprise networks, old infrastructure becomes the new attack surface. Network perimeters have given way to distributed IT, OT, IoT, and cloud environments. AI agents are adding layers on top of it all. The result is the same: more surface, less visibility, and more places for adversaries to hide.

The “Imperial Warlords” of enterprise environments are similar. Ransomware groups get disrupted, yet ransomware remains a consistent threat. Nation-state threat actors, including Volt Typhoon, have remained a persistent threat inside critical infrastructure.

Without comprehensive visibility into and control over connected assets, hidden threats can easily establish initial access and compromise critical infrastructure before they are even detected.

“The old protect the young, and then the young protect the old.”

This creed captures the reciprocal duty between the Mandalorian and Grogu. The Mandalorian is hardened by experience and layered in defense. Grogu has great power, but needs active supervision.

In a cybersecurity program, this captures the inflection point between the existing security stack and AI-enabled solutions. The existing security stack has been stretched to protect AI workflows. The old protects the young.

Early in the movie, the Mandalorian tells Grogu a line that should resonate with every security leader who has piloted an agentic AI tool: “Don’t touch the buttons.”

Organizations are deploying AI capabilities into production, but most customers who buy autonomous functionality still require a human-in-the-loop.

Unfortunately, our adversaries are already running autonomous campaigns. Threat intelligence published by Anthropic has documented agentic cyberattacks operating at machine speed.

The gap between attackers and defenders has widened. The pressure to allow trusted AI agents to act comes from the threat landscape.

When the Mandalorian gets cornered and outgunned, he places his trust in Grogu: “Remember the buttons I told you never to touch? I’m gonna need you to touch them.”

Now, the young will protect the old.

AI-enabled detection, agentic remediation, and autonomous response have the potential to protect the legacy environments we have spent decades hardening. To survive, organizations must shift from human-in-the-loop to human-on-the-loop, trusting their AI agents to take control.

“I can bring you in warm, or I can bring you in cold.”

The Mandalorian’s signature line is delivered as an ultimatum to his bounties. Through the lens of cybersecurity operations, it takes on a slightly different meaning.

Mean-time-to-detection (MTTD) and mean-time-to-remediation (MTTR) are two important performance metrics of any security operations center (SOC). The “warm” approach requires continuous threat exposure management (CTEM). The “cold” approach is the alternative: reactive incident response.

Large language models, such as Mythos, have demonstrated powerful vulnerability discovery capabilities. When CVEs are publicly disclosed, threat actors can create exploits within hours, while the time it takes organizations to patch is still measured in days.

If an organization lacks the ability to discover and remediate its vulnerabilities proactively, a threat actor will find them.

We must anchor cybersecurity in basic best practices, just like the Mandalorian tells Grogu: “Strap in. Always wear your seatbelt.”

In cybersecurity, that three-point harness includes asset visibility, multi-factor authentication, and patch management.

The calibration of these controls represents its own discipline. Again, the Mandalorian shares his wisdom: “armor has to fit snug, but not so tight that it restricts your movement.”

When security controls are too tight, detection rules create alert fatigue and constrain employee productivity. A balanced approach requires the business context of devices and the smart prioritization of alerts. Not all CVEs are created equal.

“This is the way.”

The Mandalorian creed reminds us that craft, discipline, and the handoff between generations are what keep the galaxy safe. The future of cybersecurity is not about choosing between human expertise and AI; it’s about the partnership between them.

That message should resonate with security leaders. Managing AI workloads, agentic adversaries, and decentralized infrastructure requires rules and rails. Common security frameworks offer their own “creeds” to help guide the way.

The old security stack will continue to protect the young AI capabilities as those capabilities mature. Then the young will protect the old. That handoff has already happened.

This is the way.

Andrew Grealy, head of Armis Labs, Armis from ServiceNow

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
