Threat Intelligence & Incident Response

Ontinue unveils new capabilities for ION Managed Security Operations

New Capabilities Reduce Burden on Security Teams by Empowering Them to Achieve Automation Goals

Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, today announced the release of a set of new advanced automation and reporting capabilities for its ION Managed Security Operations service. These capabilities improve speed and quality of incident resolution and deliver greater transparency with consistent, detailed logic about decisions made. 

Organizations look to managed detection and response (MDR) providers to fully resolve incidents on their behalf and to do so with great speed and accuracy. This requires more than top tier analysts; it also requires a high degree of automation. However, when MDR providers leverage automation, they are often limited in how much of the incident investigation and resolution process they can automate because they don’t have a detailed enough model of their customers environment and operational constraints, that automation can leverage. For instance, if an MDR provider detects lateral movement in an environment, but doesn’t know the role of the impacted assets or who is responsible for those assets, the customer is required to step in and continue the investigation and determine the correct response.

“We often hear from frustrated CISOs that their teams had to reinvestigate incidents that their managed security provider claims to have resolved,” said Geoff Haydon, CEO of Ontinue. “Since most MDR services are black boxes, even when they do act on behalf of customers, there’s no way for these teams to verify that the decisions and actions taken by their provider resulted in the right outcome.”

Fast, effective incident resolution demands the implementation of automation tailored to an organization’s unique environment and operational processes, coupled with complete transparency. Ontinue’s ION Managed Security Operations now includes advanced automation capabilities and greater visibility into what the service does on an organization’s behalf. These enhancements not only drive faster incident response, but also offload more of the burden from internal teams so they can refocus their efforts on other business priorities. These new capabilities strengthen existing SecOps workflows and instill deeper trust in Ontinue’s Managed Security Operations service by providing total transparency into how decisions were made.  

The new capabilities offered within the Ontinue ION Managed Security Operations include:

  • Smart Automation with ION Automate – Organizations can define Rules of Engagement and Escalation Matrices for incident management, considering operational factors like time of day, geography, and asset type or role, in addition to incident severity. ION Automate executes pre-authorized actions for incidents based on these rules. If needed, it can automatically escalate incidents to stakeholders for approval before acting. This integration streamlines incident response by minimizing manual intervention and ensuring efficient handling of security incidents. These smart automation capabilities will be deployed in a phased approach during Q2 of 2024.
  • Enhanced Incident Summaries and Closure Comments using AI-generated insights — Any time Ontinue resolves an incident on behalf of customers or closes a ticket, an incident summary and closure comments is provided. With the new enhanced incident summaries and closure comments, Ontinue will use AI to generate these vital readouts for our Cyber Defenders to review before sending to customers. ION IQ, Ontinue’s proprietary AI, will comb through all the notes, impacted assets, and activities for a given incident – including the automated actions – and summarize them in n consistent and easy-to-read, detailed summary.  
  • Improved Transparency in the ION IQ Chatbot – The ION IQ Chatbot now provides a fast, simple way for customers to get insights about everything from incident trends to SecOps cost optimization guidance to security hardening recommendations. For example, customers can ask “Show Executed Query” to quickly receive the logic behind its responses. This heightened level of transparency fosters greater trust in the responses provided by the ION IQ Chatbot, and gives customers more confidence in their security operations.

“Setting their customers’ escalation policies, and action plans is a common onboarding activity that MDR providers perform. However, this onboarding needs to incorporate the nuances and operational complexities of each unique environment. If this is thought of as a one-time activity rather than something that needs to be regularly updated the outcome can be not ideal when the escalation process breaks down. Consistent reviews, coupled with data science and automation, can help customers get faster, more accurate and higher quality responses. Managed security providers who take a more proactive approach will be able to deliver a stronger security posture for their client, helping to build better trust in their security offering,” said Craig Robinson, Research Vice President, Security Services, IDC Research.

“CISOs are looking to resolve incidents faster, strengthen their security posture, and make their team’s job easier. To achieve these goals, you need not only expertise and the right tools, but also a deep understanding of the environment you’re protecting – something that many managed security providers lack,” said Tom Corn, CPO at Ontinue. “Ontinue has always made it a priority to build a deep understand of our customers’ environments, teams and operations. With smart automation, we have now turned this understanding into a machine-readable format that we can use to drive advanced automation. In the future, we apply AI to this data model to generate insights that will allow us to optimize security operations workflows even further for our customers.

Ontinue specializes in managed security operations tailored for Microsoft customers. Its approach combines 24/7 threat protection through a follow-the-sun Security Operation Centers with ION, an AI-powered platform. ION integrates AI, automation, and human expertise to optimize SecOps costs, leading to greater efficiencies, continuous protection, faster incident response times, and improved ROI for Microsoft investments. These new capabilities underscore Ontinue’s commitment to innovation and customer-centricity.

Join us on March 21st for our webinar on 3 Common Pitfalls to Avoid When Selecting a Managed Security Partner.

For more information about Ontinue’s ION managed security operations and its new capabilities, please visit www.ontinue.com. 

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

LAC Partners with Sygnia

PR Newswire

Network Detection and Response Company ExtraHop Acquired

Business Wire

Open XDR Innovator Cited as Cybersecurity Startup of the Year

Business Wire