28 Feb Enhancing Cybersecurity with RSM: A Deep Dive into Managed Security Services
in Blogs
Expert Insights on the Role of AI and Automation in Enhancing Cybersecurity Resiliency
– Vlad Babiuk, Director of Competitive Technical Product Marketing
San Jose, Calif. – Feb. 28, 2025
Resiliency is an increasingly important concept in cybersecurity. Vendors are increasingly using AI and automation to improve resiliency by speeding cybersecurity incident detection and response times, but their customers don’t always have a clear understanding of what that means. Recently, Stellar Cyber’s Director of Competitive Technical Product Marketing, Vlad Babiuk, spoke with Dan Lauritzen, Director of Cybersecurity Services at RSM US LLP, and Todd Willoughby, CISSP, Director, Security Transformation at RSM US LLP, to get their perspectives on these topics. The RSM Defense Group offers MSSP services to the company’s global client base.
Vlad: What are the biggest macro-level trends impacting cybersecurity?
Dan: Most of our clients are focused on navigating compliance requirements and the cybersecurity concerns that flow from those, and with scaling up their level of security as they grow. Cybersecurity is often a new horizon for our SME clients – tools like SIEM, event management or really anything beyond firewalls is new for them – and it’s a challenge for them to deal with new security vendors and providers.
Todd: We also discuss digital transformation initiatives and the use of AI and other technologies to boost efficiencies, and that often leads us into cloud migration, supply chain vulnerabilities, and other topics our clients may not have thought about. We try to stress that cybersecurity isn’t a cost center anymore – it’s more of a foundation of operational continuity and customer trust.
Vlad: How do your customers address the concept of resiliency? Is it a top-of-mind topic for them?
Dan: It’s top of mind for a lot of our customers, although it depends on their exposure to cybersecurity and their maturity in that area. It’s not just about stopping attacks; it’s about business continuity. We do a lot of proactive risk assessments and incident response/recovery plans, and then we give clients access to a lot of advanced cybersecurity tools that leverage AI and automation, technologies they might not otherwise be able to access based on their budgets.
Todd: I also find that while the concept of resiliency comes up, it’s often in an incomplete context. In a tactical sense, they think about retention or compliance or BCDR goals, but that limits their understanding of the importance of ransomware protection, or how cybersecurity ties into the overall concept of security for their company. So, we have to open their minds to the broader implications of cybersecurity and get them to consider which of their systems can afford to operate with diminished capacity, and which systems can’t. Those kinds of questions help them think about resiliency in a broader context.
Vlad: What are your customers asking about AI or Gen AI?
Dan: We’re getting asked about AI and Gen AI constantly, but there’s generally little understanding of the basic concepts of AI – things like data collection, data models, and the creation of LLMs. Clients usually have specific questions about specific AI-driven-applications like CoPilot, and it’s our job to provide a better understanding of those core concepts so our clients’ questions get better over time. But I’d also say our clients are cautiously optimistic and opportunistic when applying AI, and it’s generally vendor led. I think we’re just scratching the surface with GenAI.
Todd: Security teams are usually eager to adopt AI, but I agree that on the business side they’re generally more cautious. Running the operations side of the business, we hear that hackers are going to use AI to improve their attacks. Some of that is fear mongering, but we do see AI-driven phishing attacks, for example, so we definitely need to show clients some protective boundaries, so they become aware of the risks, while also learning to be less fearful about potentially exposing sensitive information by accident.
Vlad: Let’s categorize AI – maybe GenAI for creating threat summaries and rules, for example, or for predictive analytics in UEBA, or automation in SOAR, or AI SOCs. How do you see those specific applications for your customers?
Dan: There’s a lot of confusion. Vendors may stretch the limits of the word “AI” when they’re really talking about machine learning or predictive analytics or potentially automation – they can all get bundled up and just called AI. We use Gen AI to help simulate attack scenarios and for threat detection. In the Stellar Cyber platform machine learning finds patterns, and that makes customers more productive and quicker to respond to threats.
Todd: I’m seeing that Gen AI will continue to penetrate slowly for a while, while automation and analytics are really what’s happening now – there’s massive adoption of those. The question is, what can clients do to prepare? Since the market is driving greater ubiquity of AI in cyber tools, every vendor needs to explain how it’s being used in their tools, and our clients need to start thinking about that. Another point is that there are differentiated skill sets required now. For example, if you want to take advantage of AI capabilities, the clients need people who understand data and the models needed to inform AI tools, and they need to apply that thinking with their vendors. They need to make vendors explain specifically how they’re using AI in their tools.
Vlad: Where do you see AI, cybersecurity and resiliency going over the next few years?
Dan: Our clients need to be prepared for ubiquitous AI in every business tool, which means they need to educate themselves, and get help doing that if they need it.
Todd: From a threat operations standpoint, we’re going to see continued expansion of AI used to drive and force-multiply security teams. There are a lot of fundamentals that go into understanding SecOps. If an ISP handles all the issues and doesn’t train the tech teams that use the tools to respond to threats, it’s going to be a problem when the hackers start using AI. From a resiliency standpoint, AI will one day be able to automate responses to attacks to minimize downtime on critical business systems, rerouting resources, or isolate problems in real time, for example. It’ll encroach into the areas where manual intervention is typically needed. But the cybersecurity world keeps changing, and AI will evolve to help us keep up with the changes.
Listen to the full interview.
– Vlad Babiuk is the Director of Competitive Technical Product Marketing at Stellar Cyber.
About Stellar Cyber
Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.