
Cybersecurity tech is a non-negotiable in today’s world.
Just two months into 2025, several concerning developments have already emerged, adding further fuel to the cybercrime fire that faces organizations globally.
In January alone, researchers successfully jailbroke China’s new generative AI model Deepseek, reigniting concerns about how AI could be exploited by threat actors. Meanwhile, in the very same month, two new ransomware campaigns were shown to be exploiting Microsoft Office 365 features, using email bombing to confuse victims before posing as IT support via Teams to gain remote access and deploy malware.
These days, rarely does a month go by without major breaches or new cyber threats making headlines. The risks are impossible to ignore, and few businesses are burying their heads in the sand. Indeed, cybersecurity investments are on the rise, with Gartner forecasting global information security spend to increase 15% in 2025.
Such figures reflect a growing awareness of cyber risks, which is undoubtedly a good thing. However, without careful planning, management and ongoing assessment, cyber investments can snowball, creating a whole host of problems for enterprises.
More Doesn’t Always Mean Better
Striking the right balance isn’t easy when several shiny new cybersecurity technologies, solutions and platforms are launched week after week, offering new capabilities and promising better protection.
Those promises, combined with the consistent release of new research reports warning that cyber threats are constantly evolving and advancing, understandably push many businesses to grab the latest cybersecurity tools with both hands.
In high-value sectors like financial services, where organizations are anxious to protect their clients’ assets and their own reputations, the temptation to overspend on solutions to stay ahead of hackers is particularly pronounced. However, in jumping at the latest tech month after month, year after year, enterprises can quickly find themselves with licenses and subscriptions for tens or even hundreds of different cybersecurity tools.
It is in these situations where problems can begin to arise.
More security tools don’t always mean better security. In fact, an overcomplicated security stack can lead to integration challenges and increased management costs that ultimately undermine the effectiveness of cybersecurity strategies.
Here, one of the most common challenges is alert fatigue, where security practitioners become overwhelmed by managing and reviewing a range of different security tools.
Picture the scene: A small security team is tasked with keeping an eye on 30 different platforms that are all flagging potential issues and threats that need to be urgently addressed. Quickly, it becomes unmanageable, with a recent survey suggesting that the average Security Operations Center (SOC) is only able to deal with 38% of the alerts it receives. Data from Microsoft aligns with this, estimating that security teams can only get to approximately 60-70% of daily alerts, leaving organizations exposed to significant risks.
Does AI Solve or Exacerbate Alert Fatigue?
In more recent times, AI has been highlighted as a potential solution to this problem.
If AI can automate mundane, repetitive tasks such as reviewing alerts and flagging those that are most critical for review, it can help take the pressure off analysts while ensuring that any real threats are much less likely to be missed.
In this way, AI can significantly improve threat detection, security operations and case efficiency. However, these tools come with their own problems.
While AI tools might be designed to simplify the security analysis process, many of these solutions are unable to communicate with each other, creating a range of challenges and inefficiencies:
Increased alert fatigue: Without coordination and integration, security teams can end up receiving many duplicate or conflicting alerts from different AI tools, making it harder to identify and respond to actual threats. If you have competing sources for threat intelligence that are saying different things, which is right and which is wrong? Which one do you follow?
Data silos: A lack of communication between tools can leave analysts dealing with fragmented data sources, and no easy way to connect the dots. One platform might detect an anomaly, while another might spot suspicious behavior that’s related. But without integration, no single system can piece this intel together to give analysts the insights they need.
Administrative burdens: Security teams are still tasked with switching between different security platforms, learning how each one works, the key insights they provide, and how they must be managed. That then adds to an already heavy workload, leaving less time to focus on identifying and responding to threats.
AI needs integration, not isolation
Undoubtedly, AI has the potential to dramatically improve cybersecurity. However, to do so, it is vital that each different AI tool operates within one collective cybersecurity system rather than in silos.
In this sense, to maximize the benefits of AI-driven security, organizations must prioritize integration and interoperability, ensuring that these systems are able to communicate, share and correlate data, and contribute collective insights to one single source of truth – an overarching defense strategy.
How can such a strategy be achieved? The first step is to really determine which tools are necessary and add value, and which are no longer required. While a security solution may have added value at one point in time, it now may be redundant owing to a lack of use and/or overlapping capabilities.
By carrying out some much-needed spring cleaning and consolidating the security stack, enterprises can not only save costs associated with licensing, training and maintenance, but also reduce the pressures on security teams, streamlining their workloads.
Start by eliminating those tools that simply aren’t being used. Then, identify those tools in your stack that have overlapping capabilities and determine which ones can be weeded out.
During this process, it’s important to prioritize the big picture rather than individual tools. With the right combination of AI-driven cybersecurity technologies that can communicate with each other, organizations will be empowered with greater context on priority cases, transforming a flood of data-poor alerts into a streamlined flow of data-rich insights that analysts can respond to at speed.
Here, buyers have influence. By outlining that you as an enterprise need interoperability capabilities as standard within cyber products, vendors will have to align to sell their products.
Looking to the future – creating an AI pyramid?
Long term, enterprises need to begin to consider not just whether or not tools can communicate with each other, but how they can operate together in an overarching system that maximizes their benefits.
Instead of a linear structure, I believe that the creation of an AI pyramid – in which one dominant AI captures and uses the analyzed data from several other security tools beneath it – could be the key.
Think about a SIEM tool. This sits over the top of all those other security tools, correlating data and information into a single message, and acting as a single source of truth. This model exists already – moving forward, we need to apply AI to that model.
In such a setup, you might have:
The base: AI tools that would gather raw security data from endpoints, network logs, cloud environments and other relevant sources. The data would be processed by these tools, and then passed up the pyramid.
The middle: AI tools designed for specific strands of security would then use this data. These solutions might include threat detection AI tools to identify anomalies or threats, endpoint protection AI tools to monitor devices for vulnerabilities, or network security AI to analyze traffic for intrusions. Each tool would operate independently but then feed its findings to the top of the pyramid.
The top: An AI SIEM tool that would act as a central intelligence hub, aggregating and analyzing data and findings from those other AI tools further down the pyramid. This platform would provide key insights and recommendations to analysts, giving them a single source of truth.
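As an added illustration (not code from the article or from any product it mentions), the following Python sketch shows the pyramid above and the duplicate and conflicting-alert problems described under "Increased alert fatigue" and "Data silos": per-tool adapters normalize vendor records at the base, and a top-level correlator builds one case per host, collapsing repeated alerts into a count, escalating cases corroborated by more than one tool, and surfacing severity disagreements for the analyst rather than picking one tool's verdict. The tool names, field names, 10-minute window and sample alerts are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical AI tools; differing field names stand in for vendor formats.
RAW_ALERTS = [
    {"tool": "endpoint-ai", "device": "ws-017", "ts": "2025-02-10T09:00:05",
     "finding": "suspicious powershell", "sev": "high"},
    {"tool": "endpoint-ai", "device": "ws-017", "ts": "2025-02-10T09:00:20",
     "finding": "suspicious powershell", "sev": "high"},  # duplicate of the first
    {"tool": "network-ai", "src_host": "ws-017", "time": "2025-02-10T09:02:40",
     "event": "beaconing to rare domain", "risk": "medium"},
    {"tool": "intel-feed", "host": "ws-017", "seen": "2025-02-10T09:03:10",
     "ioc": "beaconing to rare domain", "verdict": "low"},  # disagrees on severity
    {"tool": "network-ai", "src_host": "db-02", "time": "2025-02-10T11:30:00",
     "event": "port scan", "risk": "low"},
]
# Base layer: per-tool adapters mapping vendor fields onto one common schema.
ADAPTERS = {
    "endpoint-ai": lambda a: (a["device"], a["ts"], a["finding"], a["sev"]),
    "network-ai": lambda a: (a["src_host"], a["time"], a["event"], a["risk"]),
    "intel-feed": lambda a: (a["host"], a["seen"], a["ioc"], a["verdict"]),
}
def normalize(raw_alerts):
    """Convert every tool's native record into {source, host, when, finding, severity}."""
    out = []
    for a in raw_alerts:
        host, ts, finding, sev = ADAPTERS[a["tool"]](a)
        out.append({"source": a["tool"], "host": host, "when": datetime.fromisoformat(ts),
                    "finding": finding, "severity": sev})
    return out
WINDOW = timedelta(minutes=10)  # assumed correlation window per host

def build_cases(alerts):
    """Top layer: one case per host per window; repeats collapse into a count, a case seen by
    two or more tools is escalated, and severity disagreements are listed, not silently resolved."""
    cases = []
    for a in sorted(alerts, key=lambda x: x["when"]):
        case = next((c for c in cases if c["host"] == a["host"]
                     and a["when"] - c["start"] <= WINDOW), None)
        if case is None:
            case = {"host": a["host"], "start": a["when"], "findings": {}}
            cases.append(case)
        f = case["findings"].setdefault(a["finding"], {"sources": set(), "severities": set(), "count": 0})
        f["sources"].add(a["source"])
        f["severities"].add(a["severity"])
        f["count"] += 1
    for c in cases:
        tools = {s for f in c["findings"].values() for s in f["sources"]}
        c["conflicts"] = [n for n, f in c["findings"].items() if len(f["severities"]) > 1]
        c["priority"] = "escalate" if len(tools) >= 2 else "triage"
    return cases
```

Running `build_cases(normalize(RAW_ALERTS))` turns five raw alerts into two cases: the ws-017 case is escalated because three tools contributed, with the beaconing finding flagged as a severity conflict, while the lone db-02 port scan stays at triage.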
With a central AI orchestrator at the top, fragmented AI security tools are transformed into a comprehensive, intelligent defense system. Analysts would be freed up to focus on addressing the recommendations provided by one centralized, intelligent system, streamlining security operations and dramatically reducing the burdens on security teams.
Is this realistic today? There are several challenges to iron out, such as those relating to data privacy, to get this right. But at a time when we’re getting new technologies faster and faster, this could be the kind of structure that’s fundamentally just around the corner.