Artificial intelligence (AI) has been one of the big buzzwords in cybersecurity for several years now. Sometimes, what gets marketed as AI is just hype, but other times it is something genuinely impactful. MSSPs are always looking for an edge, so their leaders are wondering how AI can help them deliver better services and run more profitable businesses.
In this article, we’ll look at some of the ways security vendors are using AI and what that might mean for MSSPs in the present and near future.
Survey Says…
We recently ran our 2024 MSSP Survey, in which we asked active MSSP professionals about the current state of the industry. The survey report has not yet been published, but let’s take an early look at some of the data related to AI.
We found that 80% of the MSSPs represented by survey respondents already use AI to some extent. However, the use cases were varied in a way that suggested AI is not yet integral to the delivery of managed services. We broke the responses into broad categories and found that 15% of the respondents use AI for non-security tasks, like supporting sales and marketing, 13% use it for analysis and threat detection, and 13% use it for automation and orchestration. The rest of the responses were spread across other categories.
From that data, we can see that no single use case for AI has broken through to become ubiquitous.
Current AI Offerings
Many security vendors that are popular with MSSPs heavily emphasize the AI capabilities in their platforms, but what are they actually offering?
Chat bots were an early example of AI in security tools, and many platforms still include them. Chat bots might provide recommended next steps based on previous user actions, answer natural language queries, and assist users in other ways.
With the recent explosion of large language models (LLMs), vendors have gone beyond the capabilities of chat bots. Now, generative AI is also used for things like producing incident summaries, presenting analyst notes, and generating reports.
Another popular AI function is the analysis of large amounts of data, which informs some of the generative AI recommendations that we’ve described, but is also used to pull intelligence from documents, assess processes to identify improvements, create detections that don’t rely on predetermined rules, and uncover links between alerts — among other capabilities.
A more advanced use case for generative AI that is emerging is the ability to generate complex outputs like playbooks, code, and threat hunting workflows from natural language prompts.
Opportunities for MSSPs
AI has transformative potential for MSSPs, especially as technology improves, but it is critical to separate the fluff from the substance. Chat bots and LLM integrations are useful, but they are not the leap forward that people imagine when they think about AI in SecOps. They can enable incremental improvements but aren’t going to revolutionize anyone’s business.
On the other hand, we can draw once more on our 2024 MSSP Survey for some insight that complicates that perspective. In the survey, we asked two questions about challenges and timewasters, and in both cases, the most common answers had to do with administration and client communication, not SecOps. Therefore, it might not be that exciting, but GenAI-based features that streamline things like reporting could have a big impact on eliminating pain points for MSSPs.
Of the AI developments we’ve covered, the most exciting opportunity for MSSPs probably comes from prompt-generated content. All tools have learning curves, and even with codeless playbooks and other user-friendly improvements, building workflows takes time and ties down engineering resources. Using AI to turn prompts into content bypasses that entirely, eliminating the barrier between the user’s intent and the execution. This could make MSSPs more efficient and greatly reduce training time.
About D3 Smart SOAR for MSSPs
D3 supports MSSPs around the world with our Smart SOAR platform. We recently announced Ace AI, a collection of upcoming features for Smart SOAR, including automated summaries, natural language search, and prompt-generated playbooks. Smart SOAR supports full multi-tenancy, so you can keep client sites, data, and playbooks completely segregated. Importantly, we’re vendor-agnostic and independent, so no matter what tools your clients use, our unlimited integrations will meet their needs.
D3’s Event Pipeline can automate the alert-handling capacity of dozens of analysts, while reducing alert volume by 90% or more. Watch our case study video with High Wire Networks to see how a master MSSP uses Smart SOAR.
Guest blog courtesy of D3 Security. Read more D3 Security guest blogs and news here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
