H1 2024: All the New Capabilities Driving Continuous Innovation, Trust and Empowerment

During the first half of 2024, our team has been hard at work enhancing our Ontinue ION MXDR platform to provide unparalleled prevention, detection, response, and access to information.

ION customers benefit from continuous platform and service improvements delivered by Ontinue’s Threat Detection, Automation, Advanced Threat Operations, and Engineering teams. Updates are pushed continuously as soon as they pass testing and validation. Every two weeks we provide customers with a summary of key updates, delivered directly within ION for Teams. We leverage customer feedback, usage data, analysis by our security experts, and more to prioritize, develop, and deliver high-value capabilities and service improvements.

Here is a summary of what we’ve delivered since January:

36 New Detections: To augment the coverage provided by security controls, the Ontinue Threat Detection team continuously develops and deploys new detections. In H1 2024 the focus was on extending endpoint and identity coverage.

  • Linux and Okta coverage: We’ve strengthened endpoint coverage in Linux environments and identity coverage for customers using Okta.
  • Augmenting Detection Beyond Native Microsoft Capabilities: We’ve extended endpoint detection beyond what Microsoft Defender for Endpoint provides natively, identifying opportunities to improve coverage from pentesting results. We’ve also extended identity coverage using improved automation workflows to enable broader use of Entra ID Protection detections, such as the Unfamiliar Sign-In Properties and Atypical Travel alerts.

20 Threat Advisories: We keep ION customers ahead of new, relevant, high-risk vulnerabilities that might impact their environment with Threat Advisories that detail the risk.

  • Critical Zero-Day and Remote Code Execution CVEs: Both types of vulnerability can represent significant risk. Zero-days are often more dangerous because fewer defensive measures are available before a patch exists, while remote code execution CVEs have high potential impact because they let threat actors run arbitrary commands on the affected system. A number of the H1 2024 Threat Advisories flagged these kinds of vulnerabilities.
  • Monthly Patch Tuesdays: We also provide guidance and analysis for every Patch Tuesday issued by Microsoft.

12 New ION IQ Assistant Skills: The ION IQ Assistant provides ION customers easy access to expertise, on topics from their recent security incidents and the MITRE framework, to tailored recommendations on optimizing Sentinel costs.

  • Prompt Catalog for Usability: Beyond adding ION IQ Assistant skills, we have also made it easier than ever to discover and maximize the value that the Assistant can offer with a comprehensive catalog of skills that can be viewed and used by simply typing “/”.
  • Natural Language Interface to Sentinel Data: Ontinue’s Data Science team has developed a natural language to KQL converter. This enables ION customers to focus their time and efforts on exploring and understanding their Sentinel security data rather than debugging queries.

6 New Workbench Responses: The Cyber Defender Workbench enables Ontinue Defenders to work more effectively and efficiently by bringing together everything they need to run an incident to ground on a single platform.

  • Triggerable Key Response Actions: We’ve shaved time off our MTTR by alleviating the need for Cyber Defenders to pivot out of their workbench to take response actions. Cyber Defenders can now trigger automated actions directly from within the Cyber Defender Workbench. As always, Cyber Defenders take response actions in accordance with the jointly agreed Rules of Engagement.

In H2 2024 Ontinue will continue to deliver new platform capabilities and service improvements. Some of the key areas of innovation will include:

  • More tailored automation: building on the Smart Automation capabilities already delivered in H1 2024, we will enable customers to further tailor their escalation matrix. In addition, we are building easier customer workflows for reviewing and approving response actions recommended by the Ontinue Cyber Defense Center.
  • Expanding detection coverage: in the coming months, the Ontinue Threat Detection team will be developing and deploying Google Cloud Platform (GCP) detection use cases, as well as additional coverage for network log sources.
  • Improving the user experience: working with customers, we will be improving ION dashboards, reporting, and further enhancing the usability of the ION IQ Assistant.

As we did over H1 2024, we will continue to deploy improvements continuously with twice-a-month updates to customers that summarize the latest developments.

Article By

Vijay Viswanathan
Product Marketing Manager

Vijay Viswanathan brings over a decade of experience in the technology sector in Europe and the Americas, in organizations ranging from early-stage start-ups to multinational corporations. Vijay has a master’s degree in Computer Science from the Swiss Federal Institute of Technology in Lausanne and a bachelor’s degree in Computer Science from Clark University.