In the recent episode of The Security Strategist podcast, Jim Waggoner, VP of Product Strategy at N-able, and Joe Ferla, one of N-able’s Head Nerds, speak to host Chris Steffen, Vice President of Research at Enterprise Management Associates (EMA). They addressed one of cybersecurity’s biggest misconceptions – while organizations might be getting better at spotting threats, most still struggle to respond to them in real time.

“We live in a time where the threat landscape is changing instantly,” Steffen said. With threat actors speeding up their tactics, Waggoner and Ferla insist that the only way forward is constant reassessment.

When the ‘Response Action’ Doesn’t Deliver

Steffen began by asking the IT leaders about a key challenge faced by many CISOs. He says that the industry often talks about “EDR, MDR, XDR,” yet the promise of real-time response frequently remains unfulfilled.

Ferla identified a major problem here: the wrong people are making purchasing decisions. “In the small to mid market, I often see decision-makers who aren’t security experts, and they’re the ones driving the purchasing,” he explained. These executives “trust that the product works as they want, but they don’t know what they really need in the field,” which leads organizations to buy advanced tools they cannot actually use.

Even more troubling, Ferla noted that many customers request capabilities that no MDR could or should handle. “I have people at N-able coming to me, thinking that we can manage backups as a response. And that's simply not possible.”

Waggoner, who spent years developing incident response tools, sees another side of the issue. Vendors often downplay the “response” aspect. “When it came to the R,” he said, “it was a little R.” True MDR has to go well beyond automated blocking. “Can we disable accounts? Can we prevent ransomware from affecting other systems or stop lateral movement?”

Also Read: N-able Annual Threat Report 2025

Where AI and Cybersecurity Go Next

When asked about the future of detection and response, Ferla shed light on the increasing complexity. He remembered running an MSP alone just a few years ago. “Nowadays, I could not come anywhere near close to doing this,” he said. “It's impossible.”

Waggoner stated that AI will shape the next phase—not just for attackers, but also for defenders who face ongoing staffing shortages. Threat actors are already using AI to change tactics and automate reconnaissance. Defenders need to keep up: “Look at companies like us, using AI for detection models and for responses to address the people shortage.”

Waggoner encouraged IT decision-makers to find ways AI can strengthen their security, not make it more complicated. “Get ahead of it. See how you can truly use AI's capabilities to better protect yourself,” he stated.

Takeaways

  • Detection and response tools are evolving rapidly.
  • Organizations often have unrealistic expectations of their security capabilities.
  • Continuous review of security strategies is essential.
  • MSPs play a crucial role in enhancing security for small to mid-sized businesses.
  • Proactive measures are necessary to stay ahead of threats.
  • AI is transforming the cybersecurity landscape.
  • Maturity in security means recognizing gaps and seeking help.
  • Implementing effective detection requires visibility across all systems.
  • The threat landscape is constantly changing, requiring adaptive strategies.
  • Basic security practices must be done well to mitigate risks.

Chapters

  • 00:00 Introduction to Cybersecurity Strategies
  • 02:54 Understanding Detection and Response Tools
  • 05:52 The Gap Between Expectation and Reality
  • 09:06 The Importance of Continuous Strategy Review
  • 12:11 The Role of Managed Service Providers (MSPs)
  • 15:09 Implementing Effective Detection and Response
  • 17:52 Future Trends in Cybersecurity
  • 20:47 Final Thoughts and Key Takeaways