Cybersecurity and AI/ML, Before the New Age of AI: Managed Detection and Response

essidsolutions

With cybersecurity attacks on the rise and more intelligent than ever, the time spent detecting and responding to threats is of the essence. This is Part III of a six-part series by Derek E. Brink of Aberdeen Strategy & Research. In this article, he unpacks the latest research by Aberdeen on the present state of managed detection and response (MDR) and how enterprises can upgrade their systems to battle threats better.

In the eight short months or so since the introduction of ChatGPT, a lot of people are talking about how much artificial intelligence (AI) and machine learning (ML) technology will affect human jobs — whether for good (e.g., increase our productivity and free us up to focus on higher-value activities), for ill (e.g., put many of us out of work), or some combination of both.

The Dynamic Human-technology Relationship

In high-tech history, there are plenty of examples of the dynamic between technology and human jobs. Here’s a personal memory of one that pre-dates modern AI/ML: The arrival of automated teller machines (ATMs) near my undergraduate college campus meant that suddenly we students no longer had to rush to stand in line at the bank’s local branch before 3:30 pm on Friday, or else have no way to get cash for the rest of the weekend. For us, ATMs meant freedom! For human tellers, ATMs meant fewer roles were needed for simple cash disbursements — but there was still an ongoing need for people skilled in customer service, problem-solving, and more complex financial products and services.

There are plentiful examples of fierce human resistance to disruptive new technologies out of fear of our jobs being displaced. A few that came readily to my mind (I’m not sure why or what these say about me) include the following: 

Over the past couple of weeks, I’ve been sharing examples of how AI/ML technologies have already been leveraged for several years now by leading cybersecurity providers, e.g., in the areas of endpoint detection and response and email security. As another illustrative example, and in the spirit of the dynamic between technology and human jobs in cybersecurity, consider some of the key insights from a 2021 Aberdeen study on managed detection and response (MDR):

  • Across respondents from more than 350 organizations, the total time to detect, investigate, respond, and recover from a security-related incident ranged from 46 minutes to 46 weeks (median: 59 hours).
  • Empirical data for confirmed data breaches showed that enterprises are improving year-over-year. But even so, it also showed that the attackers consistently outperformed the defenders in the race against time.
  • Exacerbating the problem is that highly skilled cybersecurity workers are in short supply. In another study based on current and open cybersecurity roles reported at >2,800 organizations, Aberdeen estimated the current cybersecurity workforce gap to be about 32%.

Total Time to Detect and Respond Ranged from 46 Minutes to 46 Weeks (Median: 59 Hours)

Source: Aberdeen, August 2021

In this context, managed detection and response solutions are designed to bring some much-needed relief. MDR delivers an enterprise-tailored mix of threat identification, protection, detection, and response capabilities through a trusted service provider. Modern MDR solutions combine advanced technologies and specialized technical staff to augment and accelerate — not replace — the capabilities and performance of the existing enterprise security staff.

From providing faster, more accurate notifications on detections, to actionable guidance on response, to even taking direct actions on the enterprise’s behalf, MDR is a good illustration of the three well-known use cases for AI/ML mentioned in previous weeks:

  1. Pattern recognition (illustrative example: filter out noise, minimize false positives, free up cybersecurity analysts to work on the most relevant threats)
  2. Process automation (illustrative example: analyze and correlate data from multiple sources; enable faster triage, forensics, and incident response)
  3. Predictions (illustrative example: automatically scan networks and systems for vulnerabilities; identify weaknesses most likely to be exploited by attackers; prioritize and recommend patches, updates, or other countermeasures)

Aberdeen recently launched a new research study on AI in the enterprise: The State of AI in 2023, which is looking at AI use cases in several business areas, including cybersecurity, IT infrastructure, sales & marketing, financial management & ERP, manufacturing & engineering, and retail. Early findings should become available within the next couple of weeks — stay tuned, as we are eager to share them as soon as possible.

What strategies are you employing to improve managed detection, response and recovery? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!