Channel Women In Security: AI And The Future of Identity Threat Detection
Blackpoint Cyber’s vice president of security, MacKenzie Brown, sat down with Cass Cooper to discuss the challenges organizations face with managed detection and response (MDR) and identity threat detection and response (ITDR).
In episode four of the Channel Women in Security podcast, CRN’s Cass Cooper sits down with Blackpoint Cyber’s vice president of security, MacKenzie Brown, to discuss the challenges organizations face with managed detection and response (MDR) and identity threat detection and response (ITDR).
Their conversation emphasizes the importance of trust in providers and the need for robust security measures, exploring the role of AI in enhancing threat detection and the significance of mentorship and passion for future leaders in the cybersecurity field.
Listen to the full interview on YouTube, Spotify, and Apple iTunes.
As a leader in this space, what are the biggest challenges organizations face with MDR, and how can they address them effectively?
One of the biggest challenges with MDR is deciding to adopt it in the first place. Everyone could benefit from a Security Operations Center (SOC), but smaller organizations often lack the budget and trained personnel for a fully-fledged SOC. Once a company decides MDR is the way to go, the challenge becomes choosing the right provider. It’s crucial to look beyond detection to the “R” in MDR: response. Organizations should trust that their MDR provider isn’t just notifying them of threats but is prepared to act, whether isolating systems, disabling accounts, or containing threats. This requires MDR providers to have well-trained analysts, robust cloud security monitoring, and even AI to aid in efficiency and response.
Switching gears to another acronym: identity detection and response (IDR). With the rise of identity-based attacks, how do you see IDR evolving, and what should organizations prioritize?
Identity detection and response isn’t entirely new, but it’s become a focal point as more attacks target user identities. The shift we’re seeing is from malware to identity-based threats like social engineering and credential compromise. Essentially, identities are the new perimeter. Protecting them means organizations need effective identity and access management (IAM), such as multi-factor authentication (MFA), least privilege policies, and privileged access management (PAM) solutions.
One interesting stat: when we onboard new customers, 20 percent have an active business email compromise (BEC) issue at the outset. This underscores how critical it is to understand identity behavior and detect anomalies early. Organizations should invest in understanding their IAM infrastructure and knowing who their users are. Identity detection with context—like understanding IP addresses, login patterns, and user behaviors—is vital for spotting abnormal activities.
Let’s talk about AI now. It’s becoming a massive part of security strategy. How is Blackpoint leveraging AI in threat detection, and what advice would you give organizations considering AI in their security operations?
Great question. At Blackpoint, we’re beyond the experimental phase with AI; we’re focused on making it practical. For us, AI is all about enhancing efficiency and reducing time to detection. However, it’s essential to balance AI with human expertise—AI can’t fully replace human judgment.
For organizations considering AI, start small and identify areas where it can speed up processes or improve accuracy. Remember, AI is a tool; it’s not a substitute for a solid security foundation. Also, keep in mind that threat actors are exploring AI too, so we have to stay ahead in terms of both AI defense and understanding potential AI-based attacks.
What would you say to businesses just beginning to invest in identity and AI-based security?
Start with a clear understanding of your current identity infrastructure and access management. Knowing who your users are and implementing contextual identity detection are critical first steps. When incorporating AI, aim for incremental, practical improvements—whether it’s automating repetitive tasks or helping analysts make faster decisions. And always choose a security partner you trust to make critical decisions in real time. Identity and AI are reshaping security, but it’s all about building a strong, trust-based foundation for these technologies.