Automation Use Cases For SOC

Security teams around the world have become hyper-efficient after adopting DTonomy’s AI-based analysis and response to augment existing security tools:

Phishing Investigation, Remediation and Beyond

Phishing accounts for 90% of data breaches and is likely only to increase. It is affecting businesses of all sizes and in all industries. For some customers, we see 3-5 Phishing emails reported every minute, completely overwhelming Security Analysts who are handling these manually.

To counter this ongoing barrage of threats, organizations need to leverage an intelligent SOAR platform.

DTonomy’s intelligent automated incident response platform automates the remediation process and correlates with internal and external resources to enrich the information for analysts. A more intelligent and assisted automated response reduces Mean Time to Response from 20–30 minutes to less than 5 minutes, reduces workload and analyst fatigue, and reduces cost by avoiding the hiring of additional analysts.
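To make the enrichment step concrete, here is an added example of the kind of triage a phishing playbook performs on a user-reported message. It is illustrative code written for this page, not DTonomy’s implementation: the allowlist, blocklist, prior-report counter, scoring weights and verdict thresholds are all constructed stand-ins for the internal and external lookups a real platform would query.

```python
"""Phishing-report triage playbook (constructed example, not DTonomy code).

Assumptions: a reported message arrives as raw RFC 822 text; the enrichment
sources below are stand-in dictionaries; the point weights and verdict
thresholds are arbitrary choices for illustration.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed enrichment sources standing in for internal/external lookups.
INTERNAL_DOMAINS = {"example.com"}                   # the organisation's own mail domain
KNOWN_BAD_DOMAINS = {"examp1e-login.test"}           # external threat-intel stand-in
PRIOR_REPORTS = {"billing@examp1e-login.test": 4}    # internal: earlier reports of this sender

URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURE_WORDS = re.compile(r"\b(urgent|verify|suspended)\b", re.IGNORECASE)


def extract_indicators(raw):
    """Parse the reported email and pull out the fields triage keys on."""
    msg = Parser(policy=policy.default).parsestr(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    return {
        "from": from_addr.lower(),
        "from_domain": from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else "",
        "reply_to_domain": reply_to.rsplit("@", 1)[-1].lower() if "@" in reply_to else "",
        "url_hosts": sorted({urlparse(u).hostname or "" for u in URL_RE.findall(text)}),
        "subject": msg.get("Subject", ""),
    }


def score_indicators(ind):
    """Combine enrichment results into a score, a verdict and human-readable reasons."""
    points, reasons = 0, []
    if ind["from_domain"] in KNOWN_BAD_DOMAINS:
        points += 50
        reasons.append("sender domain is on the blocklist")
    if ind["reply_to_domain"] and ind["reply_to_domain"] != ind["from_domain"]:
        points += 20
        reasons.append("Reply-To domain differs from From domain")
    for host in ind["url_hosts"]:
        if host in KNOWN_BAD_DOMAINS:
            points += 30
            reasons.append(f"link to blocklisted host {host}")
        elif host not in INTERNAL_DOMAINS:
            points += 10
            reasons.append(f"link to external host {host}")
    prior = PRIOR_REPORTS.get(ind["from"], 0)
    if prior:
        points += min(prior * 5, 20)
        reasons.append(f"sender reported {prior} time(s) before")
    if LURE_WORDS.search(ind["subject"]):
        points += 10
        reasons.append("pressure wording in subject")
    verdict = "malicious" if points >= 60 else "suspicious" if points >= 25 else "benign"
    return {"score": points, "verdict": verdict, "reasons": reasons}


def triage(raw):
    """Full playbook step: parse, enrich, score."""
    return score_indicators(extract_indicators(raw))


# Constructed sample reports (not real messages).
SAMPLE_REPORT = """\
From: Billing <billing@examp1e-login.test>
Reply-To: collect@mailbox.test
To: alice@example.com
Subject: URGENT: your account is suspended
Content-Type: text/plain; charset="utf-8"

Verify your account at https://examp1e-login.test/verify now.
"""

BENIGN_REPORT = """\
From: IT <it@example.com>
To: alice@example.com
Subject: Monthly maintenance window
Content-Type: text/plain; charset="utf-8"

Details are posted at https://example.com/maintenance
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_REPORT), ("benign", BENIGN_REPORT)):
        print(name, triage(raw))
```

The reasons list is what an analyst sees alongside the verdict; it is the enrichment that turns a 20–30 minute manual look-up into a quick confirmation, and it is also what lets a wrong verdict be caught.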

Augmenting Data Loss Prevention Solution

Data Loss Prevention (DLP) is designed to prevent critical information from being leaked by end users – either inadvertently or deliberately – outside of an organization’s network. The impact of data loss and leaks is staggering – the Ponemon Institute’s Cost of a Data Breach report puts the total cost of a breach at $3.92 million, with each lost record representing a cost of $150.

A DLP system can be configured to respond based on pre-defined policy and rules to enable analysts to most efficiently investigate and respond to the alerts and prevent future incidents. However, the DLP system must be continuously monitored to assure proper configuration to prevent data leaks. A medium sized organization could experience hundreds of DLP violations per day; augmenting DLP triage and response processes with automation is critical to mitigate risk.

DTonomy’s AI-based analysis and response platform contains playbooks for DLP configuration workflows to provide real time critical information about the robustness of the system’s security. When deployed in conjunction with a DLP solution, DTonomy’s playbooks autonomously and continuously test the validity of the system to ensure that a strong security strategy is being enforced while enabling security analysts to more quickly triage and respond to DLP alerts.

Cloud Security Management

As organizations move to the cloud in record numbers, the number of cloud-related breaches is rising too, as attackers increasingly exploit misconfiguration issues, leading to increased costs and exposure of valuable information.

Even though detections of cloud misconfigurations are uploaded to a log management and security analytics platform (SIEM) every 15 minutes, most are overlooked by security analysts unless they are perceived to be highly important.

When adopting cloud services, companies also need to implement proper security measures with real time threat monitoring and intelligent incident response. DTonomy AIR provides integrations and built in playbooks for handling cloud security threats to mitigate cloud security risk.

Triaging Compromised User Alerts

User security can be compromised for many reasons including weak passwords, use of common passwords across company, personal and social media sites, or data breaches from other sites. SIEM systems look for these but often generate an inordinate number of false positives, so Security Analysts aren’t sure which ones to focus on.

Security Analysts need to better manage this overwhelming number of false positives by leveraging an intelligent incident response platform.

DTonomy’s built in playbooks correlate internal and external information to enable analysts to investigate the alerts with the most relevant context therefore reducing Mean Time to Response from over 30 minutes to less than 5 minutes.

Faster Root Cause Analysis with Higher Confidence

Due to the high volume of alerts that security analysts face every day, many alerts are investigated and resolved without understanding the root cause, especially for alerts with weak signals, leaving organizations at risk. In resolving alerts, it may take ½ second to mark something as false positive because it looks familiar, but it may take a full day or more to determine the true root cause. The typical process of root cause discovery begins with experts making assumptions and continues with ongoing queries and sometimes endless guessing.

A Security Information Event Manager (SIEM) makes the process easier, but the overwhelming number and frequency of alerts can cause analyst fatigue and impede the process of determining the root cause.

DTonomy uses algorithms to analyze and correlate alerts and other contextual information. It continuously maps out all connections between different alerts, content, and analysts’ resolutions and recommends plausible root causes for alerts and groups of alerts. The AI engine recommends the root causes that have the highest confidence; analysts can then validate them against their domain knowledge and determine whether future alerts should be treated as the same root cause category. DTonomy AIR brings augmented intelligence to security analysts to accelerate investigation and response, enabling them to resolve alerts with higher confidence and more successfully mitigate security risk.
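The correlation idea in this section, and in the compromised-user section above, can be shown with a small added example: alerts are linked when they share an entity (user, host or source IP), the linked groups are formed, and a root cause is proposed for each group from the resolutions analysts recorded on its members, with the unresolved alerts listed for the analyst to validate. This is illustrative code written for this page, not DTonomy’s engine; the alert records are constructed, and the confidence measure (the share of a group’s alerts whose recorded resolution names the proposed cause) is an assumption chosen for the illustration.

```python
"""Alert correlation and root-cause recommendation (constructed example, not DTonomy code).

Assumptions: alerts are dicts carrying entity fields and an optional analyst
resolution; two alerts are linked when they share any entity value; confidence
is the fraction of a linked group's alerts whose recorded resolution names the
most common cause.
"""
from collections import Counter, defaultdict

ENTITY_FIELDS = ("user", "host", "src_ip")

# Constructed SIEM alerts. "resolution" is the analyst's recorded root cause, None if still open.
ALERTS = [
    {"id": "A1", "user": "bob", "host": "WS-17", "src_ip": "10.0.0.5",
     "rule": "brute_force", "resolution": "credential_stuffing"},
    {"id": "A2", "user": "bob", "host": None, "src_ip": "203.0.113.9",
     "rule": "impossible_travel", "resolution": "credential_stuffing"},
    {"id": "A3", "user": None, "host": "WS-17", "src_ip": "10.0.0.5",
     "rule": "new_local_admin", "resolution": None},
    {"id": "A4", "user": "carol", "host": "WS-22", "src_ip": "10.0.0.8",
     "rule": "dlp_upload", "resolution": "misconfigured_sync_client"},
    {"id": "A5", "user": "carol", "host": "WS-22", "src_ip": None,
     "rule": "dlp_upload", "resolution": None},
]


def group_alerts(alerts):
    """Union-find over shared entities: alerts sharing a user, host or IP land in one group."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    by_entity = defaultdict(list)
    for a in alerts:
        for field in ENTITY_FIELDS:
            if a[field]:
                by_entity[(field, a[field])].append(a["id"])
    for ids in by_entity.values():
        for other in ids[1:]:
            union(ids[0], other)

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return [sorted(g, key=lambda a: a["id"]) for g in groups.values()]


def recommend_root_cause(group):
    """Propose the most common recorded resolution in the group, with its share as confidence."""
    counts = Counter(a["resolution"] for a in group if a["resolution"])
    if not counts:
        return None, 0.0
    cause, n = counts.most_common(1)[0]
    return cause, round(n / len(group), 2)


def triage_groups(alerts):
    """Produce one recommendation per linked group, ordered by first alert id."""
    results = []
    for group in group_alerts(alerts):
        cause, confidence = recommend_root_cause(group)
        results.append({
            "alerts": [a["id"] for a in group],
            "root_cause": cause,
            "confidence": confidence,
            "unresolved": [a["id"] for a in group if a["resolution"] is None],
        })
    return sorted(results, key=lambda r: r["alerts"][0])


if __name__ == "__main__":
    for rec in triage_groups(ALERTS):
        print(rec)
```

The open alert A3 (a new local admin on WS-17) is presented to the analyst together with the credential-stuffing context from A1 and A2 rather than as an isolated weak signal; confirming or rejecting the proposed cause is the validation step the text describes, and that decision becomes the recorded resolution for the next run.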

Wondering if AIR is right for your company?

Check out our "industries" page!

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!
