Ontinue Delivers Tailored Automation
March 2024 by Marc Jacob
Ontinue announced the release of a set of new advanced automation and reporting capabilities for its ION Managed Security Operations service. These capabilities improve speed and quality of incident resolution and deliver greater transparency with consistent, detailed logic about decisions made.
Organizations look to managed detection and response (MDR) providers to fully resolve incidents on their behalf and to do so with great speed and accuracy. This requires more than top-tier analysts; it also requires a high degree of automation. However, when MDR providers leverage automation, they are often limited in how much of the incident investigation and resolution process they can automate because they don’t have a sufficiently detailed model of their customers’ environment and operational constraints for that automation to leverage. For instance, if an MDR provider detects lateral movement in an environment, but doesn’t know the role of the impacted assets or who is responsible for those assets, the customer is required to step in, continue the investigation, and determine the correct response.
Fast, effective incident resolution demands the implementation of automation tailored to an organization’s unique environment and operational processes, coupled with complete transparency. Ontinue’s ION Managed Security Operations now includes advanced automation capabilities and greater visibility into what the service does on an organization’s behalf. These enhancements not only drive faster incident response, but also offload more of the burden from internal teams so they can refocus their efforts on other business priorities. These new capabilities strengthen existing SecOps workflows and instill deeper trust in Ontinue’s Managed Security Operations service by providing total transparency into how decisions were made.
The new capabilities offered within the Ontinue ION Managed Security Operations include:
Smart Automation with ION Automate – Organizations can define Rules of Engagement and Escalation Matrices for incident management, considering operational factors like time of day, geography, and asset type or role, in addition to incident severity. ION Automate executes pre-authorized actions for incidents based on these rules. If needed, it can automatically escalate incidents to stakeholders for approval before acting. This integration streamlines incident response by minimizing manual intervention and ensuring efficient handling of security incidents. These smart automation capabilities will be deployed in a phased approach during Q2 of 2024.
Enhanced Incident Summaries and Closure Comments using AI-generated insights – Any time Ontinue resolves an incident on behalf of customers or closes a ticket, an incident summary and closure comments are provided. With the new enhanced incident summaries and closure comments, Ontinue will use AI to generate these vital readouts for our Cyber Defenders to review before sending to customers. ION IQ, Ontinue’s proprietary AI, will comb through all the notes, impacted assets, and activities for a given incident – including the automated actions – and summarize them in a consistent, easy-to-read, detailed summary.
Improved Transparency in the ION IQ Chatbot – The ION IQ Chatbot now provides a fast, simple way for customers to get insights about everything from incident trends to SecOps cost optimization guidance to security hardening recommendations. For example, customers can ask “Show Executed Query” to quickly receive the logic behind its responses. This heightened level of transparency fosters greater trust in the responses provided by the ION IQ Chatbot, and gives customers more confidence in their security operations.
Ontinue specializes in managed security operations tailored for Microsoft customers. Its approach combines 24/7 threat protection through follow-the-sun Security Operation Centers with ION, an AI-powered platform. ION integrates AI, automation, and human expertise to optimize SecOps costs, leading to greater efficiencies, continuous protection, faster incident response times, and improved ROI for Microsoft investments. These new capabilities underscore Ontinue’s commitment to innovation and customer-centricity.