DTonomy AIR Engine

DTonomy AIR Engine

Put the Power of AI-based Security Analysis to Work

Triaging 100’s or 1,000’s of alerts every day keeps security teams very busy. While frustrated by the overwhelming number of alerts, repetitive false positives and endless detection tuning, they are hyper-concerned about missing false negatives. DTonomy’s founders set out to build AI-based cross-correlation and adaptive learning capabilities that instead of looking for anomalies, looks for relationships between alerts; instead of manually figuring out the best detection logic, the system ‘learns-out’ false positives patterns based on security analyst’s activities. The SOC team’s knowledge gained from the time-consuming consolidation and analysis is saved and used to optimize future security operations responses automatically.

Give your rockstar SecOps team a helping hand to:

  1. Save time on endless detection and automation tuning via AI-based recommendations
  2. Accelerate analysis with visual grouping of alerts, system behavior and recommended runbook best practices
  3. Ensure more accurate prioritization of security alerts using AI-based scoring
  4. Enable faster knowledge transfer within the team via adaptive learning from senior analysts and historical responses
  5. Reduce the risk of false negatives via continuous context enrichment of security alerts

AI-based Analysis FOR Security Analysts
BUILT BY Security Analysts

DTonomy leverages patented AI technology to automatically and continuously correlate alerts into attack progression stories, learn patterns from senior analysts adaptively, suggests more automation opportunities, empowering security teams to investigate more detection events with less effort.

Extracting Operation Patterns Continuously

Trustworthy AI

AI is often seen as a black box where the output is hard to explain. This limits security analysts’ willingness to trust AI systems to automate actions.  Instead, DTonomy is open box AI to ensure the AI outputs are explainable, controllable and adaptive. 

Key Benefits:

  • Empower security analysts with the true power of AI
  • Enable security analysts to take manual and automated actions confidently 
  • Security analysts can easily understand AI outputs

Pattern Discovery Engine

DTonomy automatically cross-correlates alerts with DTonomy’s patentpending advanced correlation/graph mining algorithm and presents them intuitively against the MITRE ATT&CK framework. By augmenting the manual cross-correlation process with AI-based discovery, security teams can analyze significantly more alerts in less time with new insights. Besides reducing analyst efforts, this automation also reduces the risk that alerts requiring attention will go un-investigated.

Key Benefits:

  • New correlation insights are discovered continuously from new threats saving manual rule authoring
  • Faster analysis so that events no longer go un-investigated
  • More complete analysis reduces the risk of missing true positives
DTonomy AIR Alert Prioritization
adaptive security risk score

Adaptive Learning Engine

DTonomy continuously collects feedback from users and provides customer-specific adaptive risk scores based on historic trends. This eliminates time spent repetitively reviewing false positives, enables focus on highest risk issues personalized to your environments, and identifies associated risks sooner. Meanwhile, DTonomy AIR also learns decision patterns from senior security analysts driving continuous knowledge transfer across the team.

Key Benefits:

  • Ensure the SOC center is continuously optimized
  • Eliminate time spent reviewing repetitive false positives
  • Focus on the highest risk issues personalized to your environments
  • Identify associated risks sooner
  • Enable knowledge transfer within the team

Recommendation Engine

DTonomy keeps track of historical responses of your team and community, provides relevant, in-context, and automated best practice recommendations that are personalized to your industry

Key Benefits:

  • Enable proper actions to mitigate risk and close the loop on issues
  • Increase analyst confidence in decisioning
  • Guide security teams to unlock more automation
Recommending Actions

How DTonomy's AI Engine Works

AI-based analysis and response

Manual alerts correlation is time consuming and hard to keep track of progressive attacks. DTonomy’s algorithm driven correlation reveals hidden insights among security detections automatically, constructs rich context continuously for investigation, saves your time on endless correlation rules creation/tuning

Security alerts are full of false positives because generic detection logic does not include your environment context.  DTonomy’s trustworthy AI (Reinforcement Learning) engine continuously learns your security responses, identifies false positives patterns, saving your time tuning detection rules, keeping your SOC Optimized.

Manual response is time-consuming and error-prone. DTonomy’s 100s integrations enable you to easily create response automation with drag-and-drop workflows and built-in playbooks. Our AI-based recommendation enables you to build out more automations. Save time, reduce human errors and decrease alert fatigue.

Worried about missing risks buried in your events?​

Gain 10x more coverage and reduce investigation and tuning time by 80%

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!

X