Hyperautomation for Security Teams


From automation to hyperautomation, revolutionizing security operations with AI

– Peter Luo, Director of Product Management, Stellar Cyber

San Jose, Calif. – Nov. 21, 2024

Six years ago, we founded DTonomy, a security automation company, and now we’re part of Stellar Cyber. As security software engineers and data scientists who had worked at the forefront of security operations — from building large-scale AI-based EDR systems to managing daily security operations — we were acutely aware of the challenges security teams face. Triaging security alerts over a national holiday, when 99% of them turn out to be false positives, is both exhausting and time-consuming. Yet each alert still has to be investigated, because skipping one risks missing a critical issue, and that tension underscores the urgent need for automation. From day one, our mission was clear: to relieve the overwhelming burden on security teams by harnessing the power of automation and AI.

Traditional automation, or the first generation of SOAR tools, made strides in helping security teams manage risks. However, it has its limitations. Real-world security investigations and responses are often more complex than what’s shown in demos, involving numerous steps that blend technical processes with organization-specific business logic. This complexity demands dedicated development teams to build and maintain these solutions, making them resource intensive.

Traditional automation typically covers API calls and simple scripted tasks, which limits the scope and generalizability of what can be automated. Some tasks need judgment that a plain script cannot supply. For instance, blocking an IP address only after a manager has approved it, or responding to a suspected phishing email, calls for a blend of decision logic, NLP, computer vision, and robotic process automation (RPA); script-based tooling alone falls short of delivering seamless, end-to-end automation.

Traditional automation also tends to remain in the realm of simple actions, lacking strong reasoning capabilities and requiring skilled developers for constant tuning, refinement, and maintenance.

Hyperautomation addresses these challenges by enhancing traditional SOAR automation with three distinct features:

  1. Radical Simplicity: Hyperautomation simplifies automation through intuitive user experiences and smart connections between steps. Users can create automations using plain text descriptions, while AI handles the intricate details. This approach covers a wide range of security response use cases, making it easier for teams to implement and benefit from automation.
  2. Pushing Automation to the Limit: Hyperautomation integrates various techniques to enable complete end-to-end workflows. It leverages innovative technologies such as NLP for complex text analysis, computer vision for phishing image recognition, Generative AI for efficient incident summarization and guided threat hunting, and RPA for repetitive browser-based tasks. This combination allows automation to cover the full spectrum of detection, investigation, and response, unlocking automations that were previously impossible. These techniques enhance the efficiency and effectiveness of security teams, enabling them to tackle a vast array of use cases.
  3. Automation with Reasoning Capability (AI Agents): Unlike traditional automation, which is strictly procedural, hyperautomation leverages Generative AI to go beyond routine tasks. AI agents within hyperautomation draw on broad external and internal data, identifying gaps on their own, reasoning through alerts and cases, determining what information is missing, and working out the best next steps. These AI agents can also generate new threat-hunting ideas, query relevant intelligence online or through internal systems, and take autonomous actions (subject to the same approval gates as any other response action, such as the managerial sign-off on an IP block described above) until risks are properly mitigated. This dynamic intelligence enables security teams to stay ahead of evolving threats and respond more effectively.
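The approval-gated IP block mentioned above is the kind of organization-specific business logic that a playbook engine has to express explicitly. The following is an added illustration written for this page, not Stellar Cyber or DTonomy code: a minimal playbook runner in which a step can be marked as requiring human approval, the case is parked until an approval scoped to that step and that specific alert arrives, and an organization-defined list of internal ranges prevents the automation from ever blocking its own address space. `THREAT_INTEL`, `INTERNAL_NETS` and `FIREWALL_BLOCKLIST` are constructed stand-ins for a live intel feed, the organization's network plan and a firewall API; the alert IDs and addresses are made up.

```python
"""Approval-gated response playbook (illustrative example, not vendor code).

THREAT_INTEL, INTERNAL_NETS and FIREWALL_BLOCKLIST are constructed stand-ins for
a real intel feed, the organization's address plan and a firewall API.
"""
import copy
import ipaddress
from dataclasses import dataclass
from typing import Any, Callable, Dict, FrozenSet, List

Ctx = Dict[str, Any]

# Constructed sample data (assumption: a real deployment queries live systems).
THREAT_INTEL: Dict[str, str] = {"203.0.113.7": "malicious", "198.51.100.9": "benign"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
FIREWALL_BLOCKLIST: set = set()


@dataclass
class Step:
    name: str
    action: Callable[[Ctx], Ctx]
    requires_approval: bool = False                  # human-in-the-loop gate
    when: Callable[[Ctx], bool] = lambda ctx: True   # step is skipped when False


def approval_key(step: Step, ctx: Ctx) -> str:
    # Approvals are scoped to the step AND the alert, so a sign-off granted for
    # one alert cannot be replayed to block a different address later.
    return f"{step.name}:{ctx['alert_id']}"


class Playbook:
    def __init__(self, steps: List[Step]):
        self.steps = steps

    def run(self, ctx: Ctx, approvals: FrozenSet[str] = frozenset()) -> Ctx:
        done = ctx.setdefault("done", [])   # steps already executed or skipped
        for step in self.steps:
            if step.name in done:
                continue                     # resuming a parked case: don't repeat
            if not step.when(ctx):
                done.append(step.name)
                continue
            if step.requires_approval and approval_key(step, ctx) not in approvals:
                ctx["status"] = "pending_approval"
                ctx["pending_step"] = step.name
                return ctx                   # park the case until an approver signs off
            ctx = step.action(ctx)
            done.append(step.name)
        ctx["status"] = "done"
        ctx.pop("pending_step", None)
        return ctx


def enrich(ctx: Ctx) -> Ctx:
    ip = ipaddress.ip_address(ctx["src_ip"])          # malformed input raises ValueError
    ctx["is_internal"] = any(ip in net for net in INTERNAL_NETS)
    ctx["intel"] = THREAT_INTEL.get(str(ip), "unknown")
    return ctx


def decide(ctx: Ctx) -> Ctx:
    if ctx["is_internal"]:
        ctx["verdict"] = "false_positive"             # never auto-block our own ranges
    elif ctx["intel"] == "malicious":
        ctx["verdict"] = "block"
    else:
        ctx["verdict"] = "monitor"
    return ctx


def block_ip(ctx: Ctx) -> Ctx:
    FIREWALL_BLOCKLIST.add(ctx["src_ip"])             # stand-in for the firewall API call
    ctx["blocked"] = True
    return ctx


RESPONSE_PLAYBOOK = Playbook([
    Step("enrich", enrich),
    Step("decide", decide),
    Step("block_ip", block_ip, requires_approval=True,
         when=lambda ctx: ctx["verdict"] == "block"),
])


def triage_alert(alert: Ctx, approvals: FrozenSet[str] = frozenset()) -> Ctx:
    """Run (or resume) the playbook on one alert. To continue a parked case,
    pass the returned context back in together with the approval string."""
    return RESPONSE_PLAYBOOK.run(copy.deepcopy(alert), approvals)


if __name__ == "__main__":
    parked = triage_alert({"alert_id": "A-2", "src_ip": "203.0.113.7"})
    print(parked["status"], parked.get("pending_step"))
    finished = triage_alert(parked, approvals=frozenset({"block_ip:A-2"}))
    print(finished["status"], sorted(FIREWARE_BLOCKLIST) if False else sorted(FIREWALL_BLOCKLIST))
```

Two design points carry over to a real SOAR or hyperautomation deployment: the approval is bound to the alert it was granted for rather than to the action type, so a stale or copied approval cannot be reused against a different target, and the "is this address ours?" check is organization-specific data that the playbook consults before any destructive step, regardless of what the intel feed says.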

Like traditional SOAR, hyperautomation integrates with hundreds of security tools, streamlining operations and serving as the core of a robust security automation system. It orchestrates the entire security ecosystem, ensuring seamless collaboration between all tools.

From day one, DTonomy was designed to unlock more automation for security teams, driven by our experience in SOCs. The work is endless, risks are ever-present, and every SOC – regardless of size – has limited resources. Automation is essential for SOCs to mitigate risk efficiently, and hyperautomation reduces the workload on security teams so they can focus on critical tasks. Please visit us for more information.

– Peter Luo is the Director of Product Management at Stellar Cyber.


About Stellar Cyber

Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.
