Redwood City, CA — Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, today announced the release of a set of new advanced automation and reporting capabilities for its ION Managed Security Operations service. These capabilities improve speed and quality of incident resolution and deliver greater transparency with consistent, detailed logic about decisions made.
Organizations look to managed detection and response (MDR) providers to fully resolve incidents on their behalf and to do so with great speed and accuracy. This requires more than top-tier analysts; it also requires a high degree of automation. However, when MDR providers leverage automation, they are often limited in how much of the incident investigation and resolution process they can automate because they don’t have a detailed enough model of their customers’ environments and operational constraints for that automation to leverage. For instance, if an MDR provider detects lateral movement in an environment but doesn’t know the role of the impacted assets or who is responsible for those assets, the customer is required to step in, continue the investigation, and determine the correct response.
“We often hear from frustrated CISOs that their teams had to reinvestigate incidents that their managed security provider claims to have resolved,” said Geoff Haydon, CEO of Ontinue. “Since most MDR services are black boxes, even when they do act on behalf of customers, there’s no way for these teams to verify that the decisions and actions taken by their provider resulted in the right outcome.”
Fast, effective incident resolution demands the implementation of automation tailored to an organization’s unique environment and operational processes, coupled with complete transparency. Ontinue’s ION Managed Security Operations now includes advanced automation capabilities and greater visibility into what the service does on an organization’s behalf. These enhancements not only drive faster incident response, but also offload more of the burden from internal teams so they can refocus their efforts on other business priorities. These new capabilities strengthen existing SecOps workflows and instill deeper trust in Ontinue’s Managed Security Operations service by providing total transparency into how decisions were made.
The new capabilities offered within the Ontinue ION Managed Security Operations include:
- Smart Automation with ION Automate – Organizations can define Rules of Engagement and Escalation Matrices for incident management, considering operational factors like time of day, geography, and asset type or role, in addition to incident severity. ION Automate executes pre-authorized actions for incidents based on these rules. If needed, it can automatically escalate incidents to stakeholders for approval before acting. This integration streamlines incident response by minimizing manual intervention and ensuring efficient handling of security incidents. These smart automation capabilities will be deployed in a phased approach during Q2 of 2024.
- Enhanced Incident Summaries and Closure Comments using AI-generated insights – Any time Ontinue resolves an incident on behalf of customers or closes a ticket, an incident summary and closure comments are provided. With the new enhanced incident summaries and closure comments, Ontinue will use AI to generate these vital readouts for our Cyber Defenders to review before sending to customers. ION IQ, Ontinue’s proprietary AI, will comb through all the notes, impacted assets, and activities for a given incident – including the automated actions – and summarize them in a consistent, easy-to-read, detailed summary.
- Improved Transparency in the ION IQ Chatbot – The ION IQ Chatbot now provides a fast, simple way for customers to get insights about everything from incident trends to SecOps cost optimization guidance to security hardening recommendations. For example, customers can ask “Show Executed Query” to quickly receive the logic behind its responses. This heightened level of transparency fosters greater trust in the responses provided by the ION IQ Chatbot, and gives customers more confidence in their security operations.
“CISOs are looking to resolve incidents faster, strengthen their security posture, and make their team’s job easier. To achieve these goals, you need not only expertise and the right tools, but also a deep understanding of the environment you’re protecting – something that many managed security providers lack,” said Tom Corn, CPO at Ontinue. “Ontinue has always made it a priority to build a deep understanding of our customers’ environments, teams and operations. With smart automation, we have now turned this understanding into a machine-readable format that we can use to drive advanced automation. In the future, we will apply AI to this data model to generate insights that will allow us to optimize security operations workflows even further for our customers.”
Ontinue specializes in managed security operations tailored for Microsoft customers. Its approach combines 24/7 threat protection through follow-the-sun Security Operations Centers with ION, an AI-powered platform. ION integrates AI, automation, and human expertise to optimize SecOps costs, leading to greater efficiencies, continuous protection, faster incident response times, and improved ROI for Microsoft investments. These new capabilities underscore Ontinue’s commitment to innovation and customer-centricity.
For more information about Ontinue’s ION managed security operations and its new capabilities, please visit www.ontinue.com.
About Ontinue: Nonstop SecOps
As a leading provider of AI-powered managed extended detection and response (MXDR) services, Ontinue is on a mission to be the most trusted security partner that empowers customers to embrace and accelerate digital transformation by using AI to operate more at scale, and with less risk. The combination of AI and human expertise is essential for delivering effective managed security that is tailored to a customer’s unique environment, operational constraints, and risks. Our MXDR service combines powerful proprietary AI with the industry’s first collaboration with Microsoft Teams to continuously build a deep understanding of our customers’ environments, informing how we prevent, detect, and respond to threats. Our Microsoft expertise allows customers to achieve these outcomes with the Microsoft Security tools they already own. The result is highly localized managed protection that empowers security teams to be faster, smarter, and more cost efficient than ever before.