Artificial intelligence (AI) is going to revolutionize security operations. That much should be uncontroversial. The real questions are what form that revolution will take and how far into it we are. Sometimes it seems like every vendor is putting AI at the core of their products, but at other times it feels like we’re still in the hype stage without many meaningful advancements.
We recently published our 2024 MSSP Survey, in which we asked active MSSP professionals about the current state of the industry. The survey covered many interesting topics, including a couple of questions about AI. We found that 80% of the MSSPs represented by survey respondents already use AI to some extent. However, the use cases were varied in a way that suggested AI is not yet integral to the delivery of managed services. We broke the responses into broad categories and found that 15% of the respondents use AI for non-security tasks, like supporting sales and marketing, 13% use it for analysis and threat detection, and 13% use it for automation and orchestration. The rest of the responses were spread across other categories. From that data, we can see that no single use case for AI has broken through to become ubiquitous.
Every single respondent to the survey said their MSSP had plans to use AI in the future, which is no surprise. MSSPs face stiff competition and need to pursue every possible edge when it comes to efficiency and competitive differentiation. Automation, a technological innovation that is more mature than AI, helps approximately two-thirds of the MSSPs in our survey to improve their revenue, profit margins, and differentiation. It is not out of the question that AI can reach that level of positive impact in the next few years. That’s why D3 recently announced Ace AI, a collection of AI capabilities that will help MSSPs and in-house security teams to act faster, spend less time training, and reduce administrative burdens.
With all the AI talk out there, it can be hard to separate the fluff from the substance, so let’s take a look at what types of AI are out there—including Ace AI—and where the opportunities are for MSSPs.
Current AI Offerings
Many security vendors that are popular with MSSPs heavily emphasize the AI capabilities in their platforms, but what are they actually offering?
Chat bots were an early example of AI in security tools, and many platforms still include them. Chat bots might provide recommended next steps based on previous user actions, answer natural language queries, and assist users in other ways.
With the recent explosion of generative AI in the form of large language models (LLMs), vendors have gone beyond the capabilities of early chat bots. Now, generative AI is also used for things like producing incident summaries, presenting analyst notes, and generating reports.
Another popular AI function is the analysis of large amounts of data, which informs some of the generative AI recommendations that we’ve described, but is also used to pull intelligence from documents, assess processes to identify improvements, create detections that don’t rely on predetermined rules, and uncover links between alerts—among other capabilities.
A more advanced emerging use case for generative AI is the ability to generate complex outputs like playbooks, code, and threat hunting workflows from natural language prompts.
Our Ace AI features break down into a few of these categories. Prompt-generated playbooks are our most ambitious innovation. Being able to turn plain text into playbooks will make SOC teams faster, reduce the learning curve for security engineers, and minimize human error. All of these are benefits that scale with the size of an MSSP’s customer base.
Augmented investigations is another feature that will reduce administrative overhead for MSSPs by taking all the relevant context of an investigation—including related incidents, artifacts, notes, playbook actions, dynamic form content, and MITRE TTPs—to automatically generate incident summaries, findings and analysis summaries, and recommended remediation actions.
Finally, AI-powered search will take natural language search queries and use its contextual knowledge to automatically retrieve the appropriate command.
Opportunities for MSSPs
With all these AI capabilities becoming available, where are the big opportunities for MSSPs? Of the developments we’ve covered, the most exciting opportunity for MSSPs probably comes from prompt-generated content. All tools have learning curves, and even with codeless playbooks and other user-friendly improvements, building workflows takes time and ties down engineering resources. Using AI to turn prompts into content bypasses that entirely, eliminating the barrier between the user’s intent and the execution. This could make MSSPs more efficient and greatly reduce training time.
That said, some of the less exciting-sounding capabilities can still have a huge impact. In our survey, we were surprised to find that in questions about the biggest timewasters and challenges for MSSPs, tasks related to administration and client management—such as reporting, onboarding, and communication—were cited more frequently by respondents than any security operations tasks. Based on those answers, GenAI-based features that streamline things like reporting could do a lot to eliminate common pain points for MSSPs.
To learn more about the present and future of the MSSP industry, don’t forget to check out our 2024 MSSP Survey. The findings on AI are just one small piece of this valuable report.