Post Syndicated from Emma Burdett original https://www.rapid7.com/blog/post/dr-teams-ready-for-preemptive-security-mdr-survey
The shift toward preemptive security is underway, but most organizations are still navigating the realities of limited resources, fragmented tools, and emerging AI risk. At Rapid7’s recent Global Security Summit, we surveyed attendees to better understand where security leaders and practitioners stand today, what is shaping their priorities, and what they need to move forward. Their responses offer a candid view into the current state of security operations: ambitious, increasingly AI-aware, and ready for change, but still working through the practical challenges of getting there.
For many teams, the direction is clear: security needs to become more proactive, more connected, and more resilient. Attackers are moving quickly, environments are expanding, and teams are under pressure to reduce risk before it turns into business disruption. But the survey results show that most organizations are still somewhere in the middle of that journey.
Where organizations are today
One of the clearest findings is that security operations are increasingly collaborative. According to the survey, 57% of respondents operate in a hybrid internal and MDR model. That reflects a reality many teams know well: internal expertise remains essential, but external support can help extend coverage, add specialist knowledge, and support faster response when internal resources are stretched.
This hybrid model also speaks to the complexity security teams are managing. Modern environments span cloud, identity, endpoints, applications, third parties, and expanding attack surfaces. Keeping watch across all of it requires more than tooling alone. It requires the right mix of people, process, visibility, and support.
At the same time, many organizations are still working to connect the dots across their security ecosystem. Two-thirds of respondents said their security capabilities are only partially integrated. For analysts, partial integration often means more manual work: switching between tools, stitching together context, and making decisions with an incomplete picture. When teams are jumping between systems, manually stitching together context, or working from incomplete data, it becomes harder to act at the speed modern threats demand.
The survey also showed that only 10% of respondents describe their organization as “highly proactive” in predicting and preventing threats, which points to the reality of where many teams are today. The ambition is there, but becoming truly preemptive takes time, integration, and operational maturity. Most organizations are still balancing the day-to-day demands of reactive response with the longer-term work of building a more proactive security model.
Confidence levels tell a similar story. 59% of respondents said they are only somewhat confident in their organization’s ability to prevent attacks before impact. Security teams understand what is at stake, but many still lack full confidence that they can consistently stop threats before they affect the business.
AI is a priority, but trust matters
AI was, of course, another major theme in the survey. Interest is high, especially when it comes to improving efficiency, accelerating triage, and helping teams manage growing volumes of data and alerts, but adoption is still developing. 52% of respondents said AI is in early-stage exploration within their security operations.
AI has clear potential in the SOC and across security operations, from summarizing investigations to enriching alerts, supporting prioritization, and helping analysts move faster. But security teams have to be deliberate about how they apply it. In high-pressure environments where accuracy, context, and accountability matter, AI needs to earn trust.
The survey results show that trust is still a key consideration. 57% of respondents cited securing AI usage as a top AI and security concern, while 44% cited lack of transparency or trust. These responses reflect a practical mindset. Security leaders are thinking about both sides of AI: how it can help defenders move faster, and how to manage the new risks it introduces. Internally, for AI to become operationally valuable, it has to fit into existing workflows, provide explainable outputs, and support human expertise.
What security teams want next
When respondents were asked what is preventing them from becoming more proactive, the top challenges were practical and familiar. 54% cited limited staff or expertise, making capacity one of the biggest barriers to progress. Teams may have the ambition to become more preemptive, but many are already balancing daily alert queues, incident response, vulnerability backlogs, compliance pressure, and business-as-usual security demands.
Visibility is another major factor. 31% of respondents cited lack of visibility across the environment as a barrier to becoming more proactive. Without a clear view of assets, identities, exposures, and attacker activity, teams struggle to prioritize what matters most. This is especially important as organizations look to move from broad detection toward more risk-aware, preemptive action.
The priorities respondents selected show where they want to go next. 41% selected preemptive security as a top security leadership priority, while improving resilience, strengthening incident response, reducing complexity, and improving risk visibility also appeared as recurring themes.
The findings from our Global Security Summit make one thing clear: security teams are ready to move toward more proactive, integrated, and AI-enabled operations, but they need the right visibility, expertise, and confidence to do it well.
To hear more from the experts and practitioners who joined us at the summit, catch up on the on-demand sessions. And to learn how Rapid7 is helping organizations move toward preemptive security, explore Rapid7 Managed Detection and Response, built to disrupt attackers earlier with broad ecosystem coverage, risk visibility, expert guidance, and an AI-powered SOC.