Security Teams Want to Replace MDR With AI: A Good or Bad Idea?


Managed Detection and Response (MDR) systems, a combined set of outsourced offensive security tools and services, have become increasingly popular in recent years as the global threat landscape intensifies.

MDR systems combine enhanced threat detection and advanced threat hunting capabilities to uncover hidden threats that might evade traditional security solutions.

Combining the insight of human security specialists with automation, MDR promises an agile reaction to security incidents, minimizing potential damage. However, a new report from Radiant Security found that most security professionals are open to replacing MDR solutions with AI.

Key Takeaways

  • A study by Radiant Security found that 60% of security professionals are interested in replacing MDR with AI due to frustrations with slow response times and high false positives from MDR tools.
  • Major MDR vendors are incorporating AI into their offerings to improve accuracy and response times.
  • The MDR market is expected to grow significantly from $1.56 billion in 2023 to $8.59 billion by 2032.
  • Security experts believe AI will not completely replace MDR but rather augment it by automating tasks and improving efficiency for security analysts.

‘60% of Professionals Open to End of MDR,’ Study Says

A recent study by Radiant Security — an AI-enhanced security operations solution — found that the majority of IT security professionals (60%) are open to replacing their MDR solution with artificial intelligence (AI).

The study revealed that one-third of all organizations surveyed were breached in the past 12 months. With attacks like phishing, social engineering, and malware becoming more sophisticated, the survey concluded that traditional legacy MDR services are struggling to respond to modern attacks and their aftermath.

Almost half (44%) of MDR users reported that it took more than four weeks to remediate a single incident. Slow remediation response time is a big problem, as unpatched breaches allow criminals to continue exfiltrating data, shutting down operations, or encrypting assets for ransomware.


Shahar Ben-Hador, CEO and co-founder of Radiant Security, spoke about the conclusions of the report in a press release:

“It’s clear from the recent report and from our internal threat research that existing managed detection and response solutions are ill-equipped to keep up with changes in the threat landscape like the use of adversarial AI.

“SOC teams are beginning to redefine security operations with a more innovative approach, and we’re delivering AI capabilities where MDR has fallen short.”

SOC AI-Powered Innovation: The MDR Transformation

A recent Fortune Business Insights global market report found that the MDR industry continues to grow. Valued at $1.56 billion in 2023, the sector is poised to grow from $1.89 billion in 2024 to a shocking $8.59 billion by 2032.

From healthcare to e-commerce, government, and other sectors, providers like Blockstream, Innowise Group, and IBM Corporation provide advanced MDR security services.

Some of these providers have already incorporated AI into their MDR systems. For example, in October 2023, IBM rolled out what they called “the next evolution” of MDR services.

The company said that, with new AI technologies, its new MDR service can automatically escalate or close up to 85% of alerts, helping to accelerate security response timelines for clients.

IBM was not the only MDR provider to integrate AI into MDR, proving that big tech is not blind to AI’s benefits and traditional MDR tools’ deficits. From Microsoft Copilot Security to CrowdStrike’s AI-Native Falcon Xplatform, Lumen Technologies’ advanced MDR, BlackBerry’s CylanceMDR, and many others, countless leading vendors have rolled out or announced new AI-powered MDR services or alternative AI SOC solutions in 2024.

With 84% of MDR users expressing dissatisfaction with legacy tools only nine months after purchase, and 32% saying MDR tools escalated more than their team can handle, alleviating the workload of thinly stretched security teams that cannot spend hours triaging, investigating, and responding to every alert becomes essential.

Is Replacing MDR with AI a Good Idea? Experts Answer

MDR’s main pain points for security teams include alert fatigue, false positives, and being outnumbered by attackers.

Lisa McStay, Chief Operating Officer at Continuity2, a continuity software provider, spoke to Techopedia about the issue.

“The first stand-out takeaway is the dissatisfaction with MDR systems across the board. A mix between high false positive rates and system inefficiencies is driving a shift for AI solutions, the driving factor being accuracy.”

McStay said the report’s claim that AI has the potential to automate and decrease workloads by as much as 95% is “potentially inflated”.

“I don’t think it will be that high in practice, but I would still expect a massive reduction in workload (circa 50-80%). Perhaps opening up a new conversation around where time should be spent best?”

McStay added that she does believe replacing MDR with AI is “smart, and certainly what the future will look like”, based on accuracy and response time.

“Both improve massively with AI implementation and are essential for effective cybersecurity. As well, the free time security teams will have to deal with more complex issues. It really comes down to smarter work and spending resources wisely.”

‘Not Replace, Augment’

Michael Hasse, Cybersecurity and Technology Consultant, told Techopedia that replacing MDR with AI is not a new idea.

“MDR systems for Fortune-1000 started making this shift several years ago.”

“The catch is that nobody is ‘replacing’ anything, rather AI is being integrated solely for the purpose of expediting detection and response, which improves the signal-to-noise ratio for human operators drastically and makes for a far more effective SOC,” Hasse explained.

When asked whether it was a good idea to replace MDR with AI, Hasse said security teams should not be replacing MDR services but rather augmenting them.

“Current EDR-MDR solutions with 24/7 manned SOCs having AI integrated have a typical threat detection and response time of less than one minute, with a human operator able to review in less than five minutes.”

Neal Humphrey, VP of Market Strategy at Deepwatch, a managed security platform for the cyber resilient enterprise, agreed.

“Replace, no. Augment, advance, expedite, and provide secondary lines of logic and analysis, yes.”

“Provide recommendations, and retain the decisions made and help determine the effect of those decisions, also yes,” Humphrey said.

“This will allow advanced security models for machine learning, generative AI and other technology to surface and improve analysis of the lessons learned from a single organization or from a larger group of organizations approaching a common adversary and to effectively communicate through co-pilots and unified AI options.”

SOC Teams at Inflection Point

SOC teams are at an inflection point as AI technologies spread and are integrated into security solutions. But as technologies and services modernize, cybercriminals continue to sow chaos.

Steve Wilson, Chief Product Officer of Exabeam, an AI-driven security operations company, told Techopedia that companies that are not keeping pace with AI-cyber defense are already behind.

Security teams, overworked and understaffed, should not be dealing with MDR services that “just add noise”, Wilson said, adding that MDR and AI are both still critical.

“AI-driven technologies enable us to sift through terabytes of data in near real-time, learning to differentiate between normal and abnormal activities,” Wilson said. “This means we only elevate genuine threats, enhancing speed and accuracy – and thus improving security.”

“The future of cyber defense is AI, and if you’re stuck in the past with outdated tools, you’re writing your own obsolescence notice. Adapt or get left behind in the digital dust.”


Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.