SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Ontinue adds AI-powered skills to its ION MXDR service
Mon, 26th Jun 2023

Ontinue, a provider of AI-powered extended managed detection and response (MXDR) services and winner of the 2023 Microsoft security services innovator of the year award, has announced the addition of three new AI-powered skills to its Ontinue ION MXDR service. These new skills are enabled and incorporated into ION IQ, Ontinue's proprietary security AI technology. It models customer environments and operations to localise the ION MXDR service for faster, more accurate prevention, detection and response to cyber threats while reducing the burden on customers' security teams. 

“Our MDR service was founded by a group of data scientists whose core premise was that AI could revolutionise MDR; not by simply applying it to better understand threats, which we do, but also to understand a customer's unique environment and operations. It's extremely difficult for any MDR provider to deliver advanced triage, investigation, response, or prevention without a deep understanding of the environment being protected. ION IQ was designed from the ground up to apply AI to this challenge,” says Tom Corn, chief product officer at Ontinue.

“The intelligence of ION IQ is integrated into virtually all aspects of our ION MXDR service, from tailoring the service to each customer's individual situation and requirements, to prioritising and defining new automation workflows. This is only the beginning. We believe ION IQ will help break new ground in our MXDR service around localisation, automation, collaboration, prevention - and virtually every other aspect of securing our customers more effectively and efficiently. AI is at the centre of our strategy. The three new ION IQ skills we are launching today demonstrate our commitment to utilising AI to entirely redefine what MXDR services are capable of.”

The integration of AI in security has risen over the last several years, primarily using large language models. However, the main application of AI in security has been to better understand threat behaviour to improve detection, which has worked well and has made defenders more effective. AI has not been widely used to address the challenge of tailoring, or "localising", MDR services to customer environments.

Addressing this domain is vital to more effective prioritisation, surgical responses and prevention, accurate separation of true and benign positives, reduced operational burden on customers, and other benefits. Ontinue's proprietary AI, ION IQ, enables localised insights and protection tailored to customers' unique environments, resulting in faster, more accurate prevention, detection, and response while continuing to lessen the burden on customers' security teams.

The three new AI-powered skills added to Ontinue ION are Critical Asset Intelligence, Azure OpenAI-integrated ION chatbot, and Incident Conviction.

ION’s Critical Asset Intelligence surfaces overlooked critical assets on behalf of security teams, who often struggle to keep up with the constant changes in today's IT environments. This additional context enables Ontinue's Cyber Defenders to focus on incidents that pose the most significant risk and respond quickly and effectively while limiting the impact on business operations.

Customers can ask questions of ION using natural language and receive the needed information in seconds via Microsoft Teams. This replaces the legacy approach of surfacing information through portals, static reports, emails and phone calls that burden customers with questions, such as requesting incident details or tailored guidance on optimising SIEM ingestion. This results in answers localised to each customer's environment that are highly actionable and delivered in seconds, not hours or days.

The new Incident Conviction AI models in ION MXDR allow Ontinue's Cyber Defenders to respond faster and more accurately. They address the age-old challenge of distinguishing between true and benign positives in a given customer's environment, using AI models that generate highly localised conviction ratings. This enables Ontinue defenders to move faster on true incidents and reduces the risk of dismissing actual incidents in highly complex environments.

“Ontinue ION sets new standards for MXDR services. It uniquely delivers AI-powered Nonstop SecOps with 24/7, always-on protection while increasing overall security program maturity, efficacy and scalability. ION overcomes the shortcomings of traditional MDR solutions in several ground-breaking ways, including the first Microsoft Teams-based collaboration model for seamless real-time communication between SecOps, IT and all other security stakeholders,” adds Corn.

“Ontinue is also pioneering the use of generative AI and automation to localise the ION service for a given customer, and to accelerate the detection and response to threats faster than ever before. Complementing these advanced capabilities of the ION service is the deep Microsoft security expertise of Ontinue's ION staff, which enables customers to maximise the capabilities of their Microsoft security investments and lower their security total cost of ownership.”