0 notifications + Video

Listen to this Post

Featured Image

I’m looking for…

Home

1

My Network

Jobs

1

Messaging

23

Notifications

Me

For Business

Learning

Premium

Tony Moukbel

Tony Moukbel

Multi-Talented Innovator | 13 Innovations & 4 Patents | Cyber Security Expert | IT & Ai Engineering | 58 Certifications in Cybersecurity, Forensics, Programming & Electronics Dev.

Lebanon

UNDERCODE TESTING

Profile viewers

56

Post impressions

25

Your Premium features

Feed post

View Raffael Marty’s profile

Raffael Marty

• 2nd

Cybersecurity Executive & Operator | Former EVP & GM | Board Member, Investor & Author

1w •

Follow

The next MDR winner will not look like an MDR company.

It will look like a software company that learned how to encode SOC judgment into a product. The response to my last MDR post made one thing clear: people are paying attention to the category shift. MDR is not going away. But the old service-first model is under real pressure.

The next-generation MDR platform has to become:

• Product-first, not analyst-labor-first

• AI-native, not “chatbot on top of alerts”

• Symbiotic with the SIEM, not pretending the SIEM disappears

• Deterministic where safety matters

• Directly connected to response and enforcement

• Measured by proof of risk reduction, not alert volume

The moat is not “we use AI.” Everyone will use AI. The moat is whether years of SOC judgment have been turned into structured, versioned, reusable operational knowledge: investigation logic, response policies, approval paths, customer context, guardrails, and feedback loops that improve over time.

That is the real shift. MDR is moving from outsourced alert handling to an AI-native SecOps control plane.

New post:

https://lnkd.in/gBPs2KcP

View image

188 reactions188

31 comments31 comments

14 reposts14 reposts

Like

Comment

Repost

Send

View Joshua Motta’s profile

Joshua Motta Verified Profile 3rd+Joshua Motta • 3rd+

Co-Founder & CEO, Coalition

1w

Couldn’t agree more. That product is already here, and it is called ⚡wirespeed.

44

See previous replies

View Tim MalcomVetter’s profile

Tim MalcomVetter Premium Profile 2ndTim MalcomVetter • 2nd

⚡️Wirespeed by Coalition

1w

Raffael Marty you missed one other requirement:

  • faster than AI compute alone.

In an emerging era where we’re all accepting that attackers are AI enabled as well, we cannot have AI vs AI speed. That’s like two foot race runners the same 100m sprint times, but one (the attacker) starts the race first. The second one (the defender) will rarely (never?) catch up.

Or like an enemy fighter jet flying at Mach 3 being chased by a air defense missile that also travels Mach 3. Interception either won’t happen, or after enough damage.

That disqualifies every offering in the market today, except one. Or put another way: everyone else is racing to solve yesterday’s MTTR times.… more

View Joshua Neil’s profile

Joshua Neil Verified Profile FollowingJoshua Neil • Following

Precision threat detection – Alpha Level

1w

I agree with all of this but I would add one more thing: affordable. Token burn is real, and its not going away. All of the above criteria wont mean much if its too expensive. For builders, this means do as much as possible BEFORE you hit the agent with prompts.

33

See previous replies

View Shannon Murphy’s profile

Shannon Murphy Verified Profile 2ndShannon Murphy • 2nd

Driving GTM Strategy | Global Speaker on AI and Cybersecurity | Industry Commentator

1w

Joshua Neil +1 !!!

View Tom Le’s profile

Tom Le Verified Profile 2ndTom Le • 2nd

Unconventional Security Thinking | Follow me. It’s cheaper than therapy and twice as amusing.

1w

I think the next winning MDR company will be the one that can integrate multiple AI control planes across the stack. Every vendor is building something around agentic control plane today and no one has a complete end-to-end capability, including the major security and networking vendors with a massive incumbent advantage. The current approaches around continuous validation, new agentic IAM paradigms, and behavioral monitoring individually and in aggregate cannot discover intent. So we will all be living with a patchwork of AI security layers for years. The next big thing will be that middle layer that manages all the other layers. … more

22

See previous replies

View Evan Powell’s profile

Evan Powell Premium Profile 3rd+Evan Powell • 3rd+

Many time founder & 5 exits – reimagining cyber security with deep learning foundation models | Dad | Lucky Husband | Spartan | Dawg fan | Optimist

1w

Tom Le love that you mention behavioral layers to discover intent; DeepTempo now in prod showing purpose built foundation models massively outperform trad ML and of course rules based detections. I also agree it’s the users looking systematically at building machine speed intelligence that’ll win. Cribl is a big piece of many of our most successful users.… more

View Michael H.’s profile

Michael H. Verified Profile FollowingMichael H. • Following

Co-Host of Atomics on a Friday | LOLDrivers, LOLRMM & Atomic Red Team Maintainer

1w

What’s also the endgame with a faster ai driven SOC? Detections are up, faster detectioning is happening, more detections written to detect more things. Ai will now detect the same patterns faster?
On the flip side, RMMs are up, BYOVD to burn down EDRs is up, non-binary software supply chain attacks are up, phishing kits, lateral movement, web applications not being patched fast enough, n-days all over, ai writing faster and more vulnerable code. Everything is up! When will the script flip?… more

View Harlan Carvey’s profile

Harlan Carvey Verified Profile FollowingHarlan Carvey • Following

Principal Threat Intel Analyst, Adversary Tactics

1w

I started at Secureworks in 2013, and while I wasn’t part of the MSSP side of the company, that was essentially an MDR. I’ve been directly engaged with several other MDRs along the way, and I have a long history of DFIR consulting were I got an inside, behind-the-curtain look at the inner workings of a lot of companies, going back to 2000.

The point of sharing this is that the vast majority of organizations are built on default installations of OSs and applications. Most orgs aren’t aware of their own business processes (does IT use ‘net user’ to create and manage user accounts??), let alone what’s “normal” for their infrastructure.

What’s “normal” or legit for one dept or company is going to be malicious or at least suspicious for another dept/company, with no real means for determining which without human interaction. Automatic actions or remediations will significantly impact critical business processes.

An MDR compounds this issue by several orders of magnitude, not just linearly based on the number of customers. … more

View Obbe Knoop’s profile

Obbe Knoop Premium Profile 3rd+Obbe Knoop • 3rd+

Founder, Lanxit | Building the missing layer between security signals and decisions

1w

What’s interesting is that the conversation is slowly shifting from:

“How do we detect faster?”

to:

“How do we continuously produce operational decisions under pressure?”

Detection, telemetry, copilots, automation and even autonomous response still don’t solve the hardest part:

reasoning consistently across fragmented technical + operational + business context to determine:

what actually matters,what the business risk is,what should happen next,and why – with clear reasoning.

That feels like the real architectural shift now underway.… more

View Norman Currie’s profile

Norman Currie Verified Profile 2ndNorman Currie • 2nd

Cybersecurity Leader | Board Advisor | Mentor and Investor | Eternal Optimist | Twins Dad

(edited) 1w

Interesting analysis, and I agree with the premise. The one message I’d add is that some of the trends we’re seeing in AI centric adoption in the SOC are shortsighted.

‘AISOC’, a term that I truly think is overused, even when properly developed as an agent based initiative for SecOps, is NOT a product. Those who developed and went to market as an AISOC solution will be relegated to features in a broader agentic AI world. Just my .02… more

View Evan Powell’s profile

Evan Powell Premium Profile 3rd+Evan Powell • 3rd+

Many time founder & 5 exits – reimagining cyber security with deep learning foundation models | Dad | Lucky Husband | Spartan | Dawg fan | Optimist

1w

100% yes AI-native SecOps control plane.

The bitter lesson suggests it is actually not, though, only “years of SOC judgement”.(judgement obviously crucial) Models like our LogLM DeepTempo are massively beyond SOC judgement / human levels. Deep (and spiky) intelligence is available to support MDRs for detections for example. … more

View Sonu Goswami’s profile

Sonu Goswami 3rd+Sonu Goswami • 3rd+

Positioning for funded B2B SaaS in security, compliance & regulated markets | Clarifying the economic wedge that accelerates complex deals

1w

Raffael Marty Encoding analyst judgment is only part of it. The bigger challenge is carrying enough operational context that teams trust the system to act without creating downstream exposure. Most SOC knowledge breaks during handoff between detection, validation and enforcement.

Ting Wang Verified Profile 3rd+Ting Wang • 3rd+

Ex-Splunk, Founder & CEO @ Timeplus | Real-time Data Control Plane

(edited) 1w

Strongly agree, Raffy. This next “Productized MDR” isn’t just an “AI layer” on top of alerts; it requires a fundamentally different architecture and a symbiotic relationship with SIEM.

Back in our Splunk days, the “logs + search” architecture was the foundational tier for the SIEM era. But in AI-native SecOps, that model hits a wall in context, latency, and cost as agents begin operating at machine speed, scale, and autonomously. We at Timeplus are building this AI-native control plane to solve this.… more

About

Accessibility

Help Center

Ad Choices

Advertising

Get the LinkedIn app

More

LinkedIn Corporation © 2026

Tony Moukbel

MessagingYou are on the messaging overlay. Press enter to open the list of conversations.
1

Compose message

You are on the messaging overlay. Press enter to open the list of conversations.

Page inboxes

2

2 new notifications

Click to see affiliated inboxes

▶️ Related Video (98% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Raffy The – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky