close
close

How MSSPs use AI to improve their services and business results

How MSSPs use AI to improve their services and business results
Posted on | Posted on Jasper

Artificial intelligence (AI) has been one of the big buzzwords in cybersecurity for several years. Sometimes what is marketed as AI is just hype, but other times it is something really impactful. MSSPs are always looking for an edge, so their leaders are asking how AI can help them deliver better services and run more profitable businesses.

In this article, we look at some of the ways security vendors are leveraging AI and what that could mean for MSSPs today and in the near future.

Survey says…

We recently conducted our 2024 MSSP Survey, where we asked active MSSP professionals about the current state of the industry. The survey report hasn’t been published yet, but let’s take a look at some of the data related to AI.

We found that 80% of MSSPs represented by survey respondents already use AI to some extent. However, the use cases were varied enough to suggest that AI is not yet an integral part of managed services delivery. We broke down the responses into broad categories and found that 15% of respondents use AI for non-security tasks, such as supporting sales and marketing, 13% for analytics and threat detection, and 13% for automation and orchestration. The remaining responses were spread across other categories.

From this data, we can see that there is not yet a single use case in which AI has become widespread.

Current AI offers

Many security vendors popular with MSSPs heavily emphasize the AI ​​capabilities of their platforms, but what do they actually offer?

Chatbots were an early example of AI in security tools, and many platforms still include it. Chatbots can suggest recommended next steps based on previous user actions, answer queries in natural language, and help users in other ways.

With the recent explosion of large language models (LLMs), vendors have moved beyond the capabilities of chatbots, and generative AI is now also being used for things like creating incident summaries, presenting analyst notes, and generating reports.

Another popular AI function is big data analysis. This is partly for the generative AI recommendations described above, but is also used to extract information from documents, review processes for opportunities for improvement, create detections that are not based on predefined rules, and uncover connections between alerts – among other functions.

A more advanced use case for generative AI that is currently emerging is the ability to generate complex outputs such as playbooks, code, and threat hunting workflows from natural language input.

Opportunities for MSSPs

AI has transformative potential for MSSPs, especially given advances in technology. However, it’s important to separate meaning from significance. Chatbots and LLM integrations are useful, but they’re not the giant leap forward that people envision when they think of AI in SecOps. They may enable incremental improvements, but they won’t revolutionize anyone’s business.

On the other hand, we can look back to our 2024 MSSP Survey for some insights that complicate this perspective. In the survey, we asked two questions about challenges and time wasters, and in both cases, the most common answers had to do with administration and customer communications, not SecOps. So it might not be as exciting, but GenAI-based features that streamline things like reporting could have a big impact on eliminating pain points for MSSPs.

Of the AI ​​developments we’ve covered, perhaps the most exciting opportunity for MSSPs is through prompt-generated content. All tools have learning curves, and even with code-free playbooks and other user-friendly improvements, creating workflows takes time and ties up engineering resources. Using AI to turn prompts into content bypasses this entirely, removing the barrier between user intent and execution. This could make MSSPs more efficient and significantly reduce training time.

About D3 Smart SOAR for MSSPs

D3 supports MSSPs around the world with our Smart SOAR platform. We recently announced Ace AI, a collection of upcoming features for Smart SOAR including automated summaries, natural language search, and prompt-generated playbooks. Smart SOAR supports full multi-tenancy, so you can keep client sites, data, and playbooks completely separate. Importantly, we are vendor agnostic, so no matter what tools your clients use, our unlimited integrations will meet their needs.

D3’s Event Pipeline can automate the alarm processing capacity of dozens of analysts while reducing alarm volume by 90% or more. Watch our case study video with High Wire Networks to learn how a master MSSP uses Smart SOAR.

Guest blog courtesy of D3 Security. Find more guest blogs and news from D3 Security here. Regular guest blogs are part of the MSSP Alert sponsorship program.

Leave a Reply

Your email address will not be published. Required fields are marked *