Autonomous SecOps: Your AI-Driven Tier 1 SOC Team

Written by Itai Tevet


    TL;DR – We are helping security teams go beyond manual investigations with sandboxes and individually analyzing files, to automate the entire incident response process for endpoint and reported phishing alerts with Intezer. Our objective is that our Autonomous SOC platform provides high-quality analysis and results, while being an affordable alternative to in-house Tier 1 teams or external Managed Detection & Response services.

    Since Intezer’s inception, we have taken upon ourselves a mission to empower SOC, IR, and Threat Intelligence teams – improving the tedious day-to-day tasks and helping them to defeat relentless threat actors. We are thankful for the many security teams who view Intezer as their trusted advisor for triaging, classifying, and responding to threats.

    Working with a variety of security teams we noticed some repeating patterns:

    • Talent shortage: According to a survey of cybersecurity decision-makers, 60% of organizations struggle to recruit cyber talent. We have observed this challenge in ALL of our clients, including Fortune 10 companies as well as smaller businesses. While this challenge and its related problems (alert fatigue, etc.) have been discussed for years, it is not going away.
    • Limits of existing solutions: Security automation tools are awesome, but limited. While SOAR and XDRs can save tons of legwork by creating “if-this-then-that” workflows and help you integrate between different products, they are not designed to automate the core decision-making tasks that actually require talent and skill (“is this alert a false positive?”, “what kind of threat is it?”, “how do I respond?”, “how do I make sure that this incident doesn’t occur again?”). The technologies used inside a SOC are still not capable of streamlining detection and response at scale.
    • Managed Detection & Response services are costly and not thorough enough: Due to the challenges described above, many companies have turned to outsourcing at least some of their Tier 1/2 operations to Managed Detection and Response services (MDRs). Those services usually promise fewer alerts, more context, and cleaner dashboards. As they are based on human talent and services, they are extremely costly, which is especially problematic during times of recession. In addition, deeper IR/forensics is done only in rare cases (usually for additional cost) – which increases the chances of human error.

    What’s next for SecOps?

    It is becoming clear that Security Operations requires a transformation that replaces more people-based processes with technology, so that security teams are not stretched thin and people can focus only on the alerts and tasks that really matter. Our vision for how the SecOps world will evolve includes:

    • People focusing only on real incidents – No chasing ghosts, false positives, and generic unwanted apps that create noise. Security teams need fewer alerts with more context, to use their precious time on important incident response and hunting tasks.
    • Affordable access to Tier 1 / MDR service – Businesses need ways to cover the tedious Tier 1 tasks that nobody wants to do, but without paying enormous amounts of money to outsource the work.
    • More engineering, less manual work – Similar to how the IT world has transformed to DevOps, security professionals need to be able to focus on creating more automatic workflows and hunting for sophisticated threats in their environment. This means spending less time on ongoing, repetitive threat analysis; threat classification and prioritization; forensics on incidents that don’t matter; tedious IOC extraction, and more.

    Leading the evolution of security operations

    We’re proud to take our role of being a trusted advisor to the next level and lead the path for the next evolution of SecOps, by launching our Autonomous SecOps offering.

    Autonomous SecOps is about using automated, algorithm-driven Tier 1 services that require little to no human supervision. We want to see SOC teams move from being stretched thin, to having every alert properly investigated and plenty of time for proactive threat hunting. This means maximizing automated technology to support your people, enable faster and better decision making for detection and response, and empower constant proactive threat hunting.

    The launch includes:

    1. New dashboard: We recently released our new dashboard view – the ultimate visualization of how you can automate your alert investigation pipelines. It’s presented in a simple way, providing an easy way to add additional alert sources (EDR, SOAR, and more) as well as visibility into the automated triage, incident response, and threat hunting processes that are happening behind the scenes.
    2. New integrations: We recently released integrations for popular EDR products (e.g. CrowdStrike, SentinelOne, Microsoft Defender) as well as SOAR products (e.g. XSOAR) to easily connect your endpoint and email alert pipelines and automate the investigation and response process. Once an integration is in place, every alert gets annotated with clear advice and recommended actions.
    3. New pricing packages: You asked, we listened. Integrating full alert pipelines requires a lot of file/URL/artifact/memory dump scans, which can consume a lot of quota on our service and become quite costly. That is why we are now offering additional pricing tiers based on the number of endpoints being handled (with unlimited scans), instead of a fixed analysis quota for individual scans. To see the plans we’re offering now and use the calculator to estimate the cost based on your needs, check out our Pricing page here.

    While it’s important for us to still allow on-demand malware analysis, the major weight of our focus will be on becoming that automated trusted advisor and providing a technology-based alternative to external SOC services or MDR providers.

    This launch is a big step forward for Intezer’s vision to help SOC teams go from being overwhelmed (or forced to outsource key tasks) to being in control, with every alert properly investigated. We want SecOps teams to have time for proactive threat hunting, while saving the time and budget that would otherwise go to expensive outsourced services.

    See how Autonomous SecOps works

    To see how it works, you can watch this 5-minute recorded demo to get a high-level view of how we can become your virtual Tier 1 in just a few clicks:

    Intezer’s platform is based on proprietary threat analysis technologies, not black magic – book a demo to talk with us and see for yourself how it works. Find out what makes Intezer different and how your team can leverage powerful automation to save time and resources, and make sure you catch the real threats.

    Get a demo.

    Itai Tevet

    Once led a government CERT. Now CEO at Intezer, changing the way we investigate and respond to cybersecurity incidents.
