Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

AndyC 9 April 2026

For years, the tech industry has faced a persistent, frustrating paradox: security platforms evolve rapidly, but security operations proceed at a bureaucratic pace.

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
Security icon on a hologram with a background of a laptop.

For years, the tech industry has faced a persistent, frustrating paradox: security platforms evolve rapidly, but security operations proceed at a bureaucratic pace. We’ve witnessed decade-long innovation with point products — XDR, SASE, and CNAPP — yet the average enterprise still manages between 50 and 80 different security tools.

The result? A “data swamp” of alerts where critical signals get lost in the noise.

In a 2025 ZK Research survey, I asked security teams what percentage of alerts they get to, and the number was shockingly low: 65%. Not because they don’t want to, but it’s because of the increasingly large volume of inbound data. In the AI era, this isn’t just a matter of efficiency; it’s a risk that could end the business.

This week, NWN took a decisive step to address this gap. The company introduced a new AI-powered managed security operations suite, supported by its Experience Management Platform (EMP). While the news highlights partnerships with major security providers — Palo Alto Networks, Cisco, and Arctic Wolf — the main story isn’t about the vendors; it’s more about how NWN is trying to solve the “operational reality” that has troubled CIOs for years.

The truth is, having the best tools doesn’t matter if there isn’t a unified, accountable way to manage them.

1
Semperis

Company Size

Employees per Company Size

Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)

Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees)
Small, Medium, Large, Enterprise

Features

Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more

2
ManageEngine Log360

Company Size

Employees per Company Size

Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)

Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees)
Micro, Small, Medium, Large, Enterprise

Features

Activity Monitoring, Blacklisting, Dashboard, and more

The AI era: A double-edged sword for defense

To understand why this launch matters, we need to look at the current state of AI.

We are moving into the era of the “Agentic Enterprise,” where AI agents — not just humans — are managing business tasks. This significantly increases the attack surface. Traditional security models were designed to protect a human at a laptop, but today’s models must defend a large, automated ecosystem of bots, large language models (LLMs), and highly connected cloud workloads.

Bad actors are already using generative AI to carry out phishing attacks and deploy polymorphic malware that evades signature-based detection. To combat this, defenders must fight fire with fire. However, “AI-powered security” has become a marketing buzzword. Every vendor claims it, but few deliver it in a way that genuinely reduces the workload for human analysts.

The NWN approach is interesting because it uses AI not just for detection but also for operationalizing threat defense. By integrating telemetry from vendors such as Cisco (specifically, the Splunk observability roadmap) and Arctic Wolf’s new Aurora Superintelligence platform into a single control plane (EMP), they aim to bridge the “visibility gap.”

The enterprise implications: From tool sprawl to outcome certainty

For enterprises, the main trend of 2026 is shifting from “buying tools” to “buying outcomes.” Here’s why the NWN announcement (to quote Wayne Gretzky) is moving toward where the puck is going to be:

  1. The rise of the “operational control plane”: Most enterprises experience “dashboard fatigue.” NWN’s use of its EMP as a centralized cockpit indicates that the value in security is shifting from individual sensors to the platform that can analyze and act on the data. In a world where every minute counts, having a “single, accountable managed service model” is the only way to achieve the sub-hour response times needed to stop a modern breach.
  2. Addressing the talent gap: We still face a global shortage of millions of security professionals. Enterprises can no longer rely solely on hiring more staff to solve this issue. AI-enabled managed services allow companies to expand their defenses without adding to their workforce. By using AI to manage “L1” triage and automate ticketing, human experts can focus on high-value tasks such as offensive security and strategic planning — both of which are key parts of NWN’s new offering.
  3. Hybrid cloud complexity: As I’ve discussed before, AI workloads are causing major shifts in network traffic. Many organizations realize that their old monitoring tools can’t see inside the AI-driven traffic patterns across AWS and Azure. NWN’s emphasis on integrating Palo Alto’s Prisma Access monitoring specifically for hybrid environments recognizes that the “perimeter’ now exists everywhere.

Advice for the modern security practitioner

As the industry pivots toward AI-enabled managed operations, security leaders need to rethink their strategy. If you are a CISO or a security architect, here are three things you should be doing right now:

  • Audit your “shelfware” and move toward integration: Avoid purchasing best-of-breed point products that don’t communicate with each other. The era of the “Frankenstein SOC” has ended. Focus on platforms that provide robust API integration and can be unified within a single management layer. If a tool doesn’t contribute to a “single pane of glass,” it’s a liability, not an asset.
  • Focus on mean time to remediation (MTTR), not just detection: Detection is only 10% of the process. In the AI era, an attacker’s “dwell time” is decreasing. Make sure your managed service providers (MSPs) and internal teams have a clear, automated way to go from “alert” to “remediation.” If your response still depends on manual emails and phone calls, you’re already too late.
  • Adopt “offensive” security as an ongoing practice: The NWN launch includes offensive security services for a reason. You can’t rely solely on an annual penetration test to identify your weaknesses. Use AI-driven tools to continuously assess your defenses. In a landscape where threats change daily, security must be an ongoing cycle of testing, strengthening, and monitoring.

The NWN launch is a strong indicator of the future direction of the managed services industry. It reflects a shift from “we’ll watch your network” to “we’ll operationalize your entire security ecosystem.”

In the AI era, the winners won’t be the companies with the most tools; they’ll be the ones that can turn a mountain of data into a single, decisive action. For enterprises looking to modernize, the focus must shift from the technology itself to the platform that enables that technology to operate at scale.

NWN’s expansion of its EMP to include deep security integrations is an important step in that direction.

For more on how policy decisions could reshape cyber defense, read our coverage of President Donald Trump’s proposed CISA budget cuts and the concerns they’re raising across the security industry.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

What do you feel about this?

More Stories

10 ChatGPT AI Prompts L1 SOC Analysts Can Use in Their Daily Work

10 ChatGPT AI Prompts L1 SOC Analysts Can Use in Their Daily Work

AndyC 9 April 2026

Is compliance complexity outpacing IT capacity?

AndyC 9 April 2026
New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

New Scam Alert: QR Codes Replace Links in Traffic Ticket Phishing

AndyC 9 April 2026
‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

AndyC 9 April 2026
Trump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts

Trump’s Proposed CISA Cuts Spark Alarm Among Cybersecurity Experts

AndyC 8 April 2026
New FBI Warning: Chinese Apps Could Expose User Data

New FBI Warning: Chinese Apps Could Expose User Data

AndyC 8 April 2026

You may have missed

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

AndyC 9 April 2026
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

AndyC 9 April 2026
Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

AndyC 9 April 2026
10 ChatGPT AI Prompts L1 SOC Analysts Can Use in Their Daily Work

10 ChatGPT AI Prompts L1 SOC Analysts Can Use in Their Daily Work

AndyC 9 April 2026

Is compliance complexity outpacing IT capacity?

AndyC 9 April 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.