Security leaders are rethinking how detection and response work in practice in 2026 as both cybersecurity technology and the threat landscape grow more complex.
On this episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, spoke with Daniel Martin, Director of Product Management at Rapid7. They discussed how modern Security Operations Centres (SOCs) are evolving, where AI truly adds value, and why outcomes—not features—should guide cybersecurity teams.
A recurring theme in their discussion was that while the threat landscape continues to evolve, many core challenges for SOCs remain unchanged. According to Martin, security teams still struggle with alert fatigue, lack of context, and the pressure to respond quickly—all while juggling increasingly complicated domains.
Organisations now require detection and response that is tailored to their specific environment, not generic threat models. Such a shift explains the rise of Managed Detection and Response (MDR) and the decline of one-size-fits-all managed security services. Customers want results, not noise, and they seek partners who understand their business context.
Martin says that this philosophy lies at the heart of Rapid7’s approach to Incident Command, its modern Security Information and Event Management (SIEM) offering. Instead of treating SIEM, Security Orchestration, Automation, and Response (SOAR), and threat intelligence as separate tools, Incident Command integrates them directly into the analyst workflow. The aim is to provide decision support in real-time—delivering relevant context, threat intelligence, and recommended actions exactly when needed, without making analysts switch between different systems.
Martin emphasised that a modern SIEM's success isn’t measured by the amount of data it can handle, but by how effectively it helps analysts make high-quality decisions quickly. Automation is important, but only if it’s applied thoughtfully. Deterministic automation, which includes actions that are predictable, auditable, and repeatable, remains vital for security operations. AI is most useful when it aids reasoning, summarisation, and prioritisation instead of completely replacing human judgment.
“There’s a lot of excitement around autonomous security,” Martin noted, “but chaining unpredictable decisions together is not something customers can trust.” Instead, Rapid7 focuses on using AI to assist analysts at specific moments in an investigation, such as summarising activity, adding context to alerts, or helping decide if more data collection is needed.
“Customer Zero” Approach
A key aspect of Rapid7’s product development is its “customer zero” approach. By running its own global MDR SOC, Rapid7 continuously incorporates real analyst feedback into product design. Martin shared that an early mistake was putting AI-driven insights in a separate interface to avoid disrupting workflows; this was quickly corrected after analysts indicated they wouldn’t leave their main view to check a secondary opinion. The lesson was clear: if context matters, it must be available where decisions are made.
Looking ahead to 2026, Martin sees the next step in detection and response as increased visibility combined with better management of the environment. Customers expect MDR providers and security platforms to gather signals beyond traditional EDR and cloud alerts—without overwhelming analysts with extra noise. He believes that achieving this balance is where AI-assisted automation and context-aware workflows will have the greatest impact.
When asked for a final takeaway for CISOs and IT leaders, Martin returned to a theme that ran throughout the conversation: focus on results. It’s easy to be distracted by flashy new features or the latest AI trends, but security improves only when organisations clearly define their goals. When customers express their priorities and vendors align with them, trust increases—and meaningful progress follows.
In a landscape full of tools and promises, Martin believes the future of security operations isn’t about removing humans from the process. It’s about empowering them with the right context, effective automation, and AI that enhances—not replaces—the most important decisions.
Takeaways
- Organisations are still facing the same core challenges in cybersecurity despite technological advancements.
- There is a growing demand for more environmental context in detection and response.
- MDR services are evolving to focus on partnerships rather than just product delivery.
- Rapid7's Incident Command aims to improve decision support in SOC operations.
- Automation should be frictionless and integrated into the analyst's workflow.
- Deterministic automation is crucial for reliable security outcomes.
- Analysts need to learn from real-time data to enhance response strategies.
- The future of detection and response will involve broader visibility and ownership of customer environments.
- Building trust with customers is essential for effective cybersecurity partnerships.
- Focusing on customer outcomes is key to improving security operations.
Chapters
- 00:00 Introduction to Cybersecurity and AI Innovations
- 02:01 Shifts in SOC Operations and Customer Challenges
- 04:29 MDR Services: A New Approach to Cybersecurity
- 06:02 Rapid7's Incident Command: Enhancing SIEM with Context
- 08:26 Automation in Cybersecurity: Balancing Efficiency and Control
- 11:01 Learning from Analysts: Enhancing Response and Automation
- 12:43 The Future of Detection and Response in Cybersecurity
- 14:23 Key Takeaways for Security Leaders