Listen to this Post

I’m looking for…
Home
1
My Network
Jobs
1
Messaging
23
Notifications
Me
For Business
Learning
Premium
Tony Moukbel
Tony Moukbel
Multi-Talented Innovator | 13 Innovations & 4 Patents | Cyber Security Expert | IT & Ai Engineering | 58 Certifications in Cybersecurity, Forensics, Programming & Electronics Dev.
Lebanon
UNDERCODE TESTING
Profile viewers
56
Post impressions
25
Your Premium features
Feed post
View Raffael Marty’s profile
Raffael Marty
• 2nd
Cybersecurity Executive & Operator | Former EVP & GM | Board Member, Investor & Author
1w •
Follow
The next MDR winner will not look like an MDR company.
It will look like a software company that learned how to encode SOC judgment into a product. The response to my last MDR post made one thing clear: people are paying attention to the category shift. MDR is not going away. But the old service-first model is under real pressure.
The next-generation MDR platform has to become:
• Product-first, not analyst-labor-first
• AI-native, not “chatbot on top of alerts”
• Symbiotic with the SIEM, not pretending the SIEM disappears
• Deterministic where safety matters
• Directly connected to response and enforcement
• Measured by proof of risk reduction, not alert volume
The moat is not “we use AI.” Everyone will use AI. The moat is whether years of SOC judgment have been turned into structured, versioned, reusable operational knowledge: investigation logic, response policies, approval paths, customer context, guardrails, and feedback loops that improve over time.
That is the real shift. MDR is moving from outsourced alert handling to an AI-native SecOps control plane.
New post:
https://lnkd.in/gBPs2KcP
View image
188 reactions188
31 comments31 comments
•
14 reposts14 reposts
Like
Comment
Repost
Send
View Joshua Motta’s profile
Joshua Motta Verified Profile 3rd+Joshua Motta • 3rd+
Co-Founder & CEO, Coalition
1w
Couldn’t agree more. That product is already here, and it is called ⚡wirespeed.
44
See previous replies
View Tim MalcomVetter’s profile
Tim MalcomVetter Premium Profile 2ndTim MalcomVetter • 2nd
⚡️Wirespeed by Coalition
1w
Raffael Marty you missed one other requirement:
- faster than AI compute alone.
In an emerging era where we’re all accepting that attackers are AI enabled as well, we cannot have AI vs AI speed. That’s like two foot race runners the same 100m sprint times, but one (the attacker) starts the race first. The second one (the defender) will rarely (never?) catch up.
Or like an enemy fighter jet flying at Mach 3 being chased by a air defense missile that also travels Mach 3. Interception either won’t happen, or after enough damage.
That disqualifies every offering in the market today, except one. Or put another way: everyone else is racing to solve yesterday’s MTTR times.… more
View Joshua Neil’s profile
Joshua Neil Verified Profile FollowingJoshua Neil • Following
Precision threat detection – Alpha Level
1w
I agree with all of this but I would add one more thing: affordable. Token burn is real, and its not going away. All of the above criteria wont mean much if its too expensive. For builders, this means do as much as possible BEFORE you hit the agent with prompts.
33
See previous replies
View Shannon Murphy’s profile
Shannon Murphy Verified Profile 2ndShannon Murphy • 2nd
Driving GTM Strategy | Global Speaker on AI and Cybersecurity | Industry Commentator
1w
Joshua Neil +1 !!!
View Tom Le’s profile
Tom Le Verified Profile 2ndTom Le • 2nd
Unconventional Security Thinking | Follow me. It’s cheaper than therapy and twice as amusing.
1w
I think the next winning MDR company will be the one that can integrate multiple AI control planes across the stack. Every vendor is building something around agentic control plane today and no one has a complete end-to-end capability, including the major security and networking vendors with a massive incumbent advantage. The current approaches around continuous validation, new agentic IAM paradigms, and behavioral monitoring individually and in aggregate cannot discover intent. So we will all be living with a patchwork of AI security layers for years. The next big thing will be that middle layer that manages all the other layers. … more
22
See previous replies
View Evan Powell’s profile
Evan Powell Premium Profile 3rd+Evan Powell • 3rd+
Many time founder & 5 exits – reimagining cyber security with deep learning foundation models | Dad | Lucky Husband | Spartan | Dawg fan | Optimist
1w
Tom Le love that you mention behavioral layers to discover intent; DeepTempo now in prod showing purpose built foundation models massively outperform trad ML and of course rules based detections. I also agree it’s the users looking systematically at building machine speed intelligence that’ll win. Cribl is a big piece of many of our most successful users.… more
View Michael H.’s profile
Michael H. Verified Profile FollowingMichael H. • Following
Co-Host of Atomics on a Friday | LOLDrivers, LOLRMM & Atomic Red Team Maintainer
1w
What’s also the endgame with a faster ai driven SOC? Detections are up, faster detectioning is happening, more detections written to detect more things. Ai will now detect the same patterns faster?
On the flip side, RMMs are up, BYOVD to burn down EDRs is up, non-binary software supply chain attacks are up, phishing kits, lateral movement, web applications not being patched fast enough, n-days all over, ai writing faster and more vulnerable code. Everything is up! When will the script flip?… more
View Harlan Carvey’s profile
Harlan Carvey Verified Profile FollowingHarlan Carvey • Following
Principal Threat Intel Analyst, Adversary Tactics
1w
I started at Secureworks in 2013, and while I wasn’t part of the MSSP side of the company, that was essentially an MDR. I’ve been directly engaged with several other MDRs along the way, and I have a long history of DFIR consulting were I got an inside, behind-the-curtain look at the inner workings of a lot of companies, going back to 2000.
The point of sharing this is that the vast majority of organizations are built on default installations of OSs and applications. Most orgs aren’t aware of their own business processes (does IT use ‘net user’ to create and manage user accounts??), let alone what’s “normal” for their infrastructure.
What’s “normal” or legit for one dept or company is going to be malicious or at least suspicious for another dept/company, with no real means for determining which without human interaction. Automatic actions or remediations will significantly impact critical business processes.
An MDR compounds this issue by several orders of magnitude, not just linearly based on the number of customers. … more
View Obbe Knoop’s profile
Obbe Knoop Premium Profile 3rd+Obbe Knoop • 3rd+
Founder, Lanxit | Building the missing layer between security signals and decisions
1w
What’s interesting is that the conversation is slowly shifting from:
“How do we detect faster?”
to:
“How do we continuously produce operational decisions under pressure?”
Detection, telemetry, copilots, automation and even autonomous response still don’t solve the hardest part:
reasoning consistently across fragmented technical + operational + business context to determine:
what actually matters,what the business risk is,what should happen next,and why – with clear reasoning.
That feels like the real architectural shift now underway.… more
View Norman Currie’s profile
Norman Currie Verified Profile 2ndNorman Currie • 2nd
Cybersecurity Leader | Board Advisor | Mentor and Investor | Eternal Optimist | Twins Dad
(edited) 1w
Interesting analysis, and I agree with the premise. The one message I’d add is that some of the trends we’re seeing in AI centric adoption in the SOC are shortsighted.
‘AISOC’, a term that I truly think is overused, even when properly developed as an agent based initiative for SecOps, is NOT a product. Those who developed and went to market as an AISOC solution will be relegated to features in a broader agentic AI world. Just my .02… more
View Evan Powell’s profile
Evan Powell Premium Profile 3rd+Evan Powell • 3rd+
Many time founder & 5 exits – reimagining cyber security with deep learning foundation models | Dad | Lucky Husband | Spartan | Dawg fan | Optimist
1w
100% yes AI-native SecOps control plane.
The bitter lesson suggests it is actually not, though, only “years of SOC judgement”.(judgement obviously crucial) Models like our LogLM DeepTempo are massively beyond SOC judgement / human levels. Deep (and spiky) intelligence is available to support MDRs for detections for example. … more
View Sonu Goswami’s profile
Sonu Goswami 3rd+Sonu Goswami • 3rd+
Positioning for funded B2B SaaS in security, compliance & regulated markets | Clarifying the economic wedge that accelerates complex deals
1w
Raffael Marty Encoding analyst judgment is only part of it. The bigger challenge is carrying enough operational context that teams trust the system to act without creating downstream exposure. Most SOC knowledge breaks during handoff between detection, validation and enforcement.
Ting Wang Verified Profile 3rd+Ting Wang • 3rd+
Ex-Splunk, Founder & CEO @ Timeplus | Real-time Data Control Plane
(edited) 1w
Strongly agree, Raffy. This next “Productized MDR” isn’t just an “AI layer” on top of alerts; it requires a fundamentally different architecture and a symbiotic relationship with SIEM.
Back in our Splunk days, the “logs + search” architecture was the foundational tier for the SIEM era. But in AI-native SecOps, that model hits a wall in context, latency, and cost as agents begin operating at machine speed, scale, and autonomously. We at Timeplus are building this AI-native control plane to solve this.… more
About
Accessibility
Help Center
Ad Choices
Advertising
Get the LinkedIn app
More
LinkedIn Corporation © 2026
Tony Moukbel
MessagingYou are on the messaging overlay. Press enter to open the list of conversations.
1
Compose message
You are on the messaging overlay. Press enter to open the list of conversations.
Page inboxes
2
2 new notifications
Click to see affiliated inboxes
▶️ Related Video (98% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Raffy The – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]


