Ontinue announced it is the first Microsoft-focused MXDR provider to bring
autonomous investigations to market. This groundbreaking technology transforms
MXDR by scaling expert-level security analysis, accelerating investigations,
and reducing customers' SecOps burdens using Agentic AI.
Automation has long accelerated Tier 1 incident triage by handling
repetitive tasks, helping defenders quickly resolve commonly seen incidents.
Ontinue takes this further with autonomous investigations powered by Agentic
AI - now live in production for every customer since December 2024. This
innovation extends automation to Tier 2-level investigations. When an incident
is escalated to the Ontinue Cyber Defense Center, a team of AI agents
automatically aggregates telemetry, forms and tests hypotheses, and conducts a
full investigation - work that would typically require a Tier 2/3 analyst -
and passes it to an Ontinue Cyber Defender. The result is a detailed summary
with step-by-step logic, giving human defenders a head start in the race
against attackers. This capability has cut mean time to investigate by up to
50% and enables Ontinue to resolve 99.5% of incidents without customer
involvement, saving customer security teams hundreds of hours.
"Agentic AI doesn't just evolve how we do security - it
redefines it," said Geoff Haydon, CEO of Ontinue. "Unlike traditional
automation tools that follow prescriptive rule-based scripts, the generative
nature of Agentic AI allows it to learn, reason, test, and adapt within the
context of any given situation. It doesn't just assist humans, it amplifies
them. Autonomous investigations allow Ontinue's Cyber Defenders to move faster,
go deeper, and make more accurate decisions on behalf of customers. This is not
an incremental innovation; it's a fundamental leap forward in how MDR should be
delivered."
"Ontinue's new autonomous investigation capability brings speed
and precision to threat response," said Thai Vong, Vice President of Technology
and CIO (Acting) at ACR. "It cuts through the noise, focuses our attention on
real issues, and reduces the burden on our internal team. That allows us to
maintain strong security while keeping our focus on integration, operational
efficiency, and growth. It's a smarter, more scalable approach to
cybersecurity - exactly what's needed in a fast-moving, acquisition-driven
environment."
Solving MDR Scale Challenge
In an era of growing threat sophistication and talent shortages,
customers need more than a managed service - they need an AI-augmented team.
Many MDR providers still rely on human-only models that can't keep up
with today's volume, variety, and velocity of threats. Agentic AI helps Ontinue
do what legacy MDR providers can't. The new autonomous investigation capability
ensures every alert is fully investigated with contextual depth across logs,
identities, endpoints, and cloud environments. That means 24/7 expert-level
analysis, action, and resolution - at scale.
"Since our inception, we have always viewed AI as a critical
technology for overcoming the scale and speed limitations that legacy MDRs
simply can't address," said Theus Hossmann, Chief Technology Officer at
Ontinue. "Automation in security operations has always been limited to
deterministic use cases - 'if we see x, then do y' - which is useful, but only
allows us to automate situations we can predict or have seen before. Novel,
more complex incidents have traditionally been left up to humans to investigate
because they require human-level reasoning and intuition, and as a result these
are the incidents that take the most time to resolve. We took a multi-agentic
approach when we built autonomous investigations into the ION SecOps platform
which completely flips this paradigm on its head by allowing us to harness near
human-level reasoning and creativity at machine speed. As attack surfaces
continue to expand and new threats emerge faster than ever, the ability to
automatically investigate complex, multi-dimensional incidents is
essential."
Since introducing autonomous investigations in Ontinue ION MXDR,
customers have realized significant benefits:
- Mean time to investigate has been reduced by up to 50%
- 99.5% of incidents are resolved without requiring customer involvement
- Security teams have saved hundreds of hours they would have otherwise spent
  on manual investigations
Redefining MDR with Real-Time Collaboration and Agentic AI Automation
Ontinue launched the industry's first Microsoft Teams-based
collaboration model that enables real-time, direct engagement between customers
and the Ontinue Cyber Defense Center for faster communication and
decision-making during incident management. Smart Response further tailors the
service to each organization by automating customizable rules of engagement and
escalation paths that allow the ION MXDR service to seamlessly integrate into a
customer's desired operational model. Additionally, Ontinue introduced
autonomous investigations powered by proprietary Agentic AI to accelerate
investigations at scale. Every incident escalated to the Ontinue Cyber Defense
Center is automatically investigated by ION IQ, the AI at the core of the ION
MXDR service, before being passed to a human for further analysis. For each
incident ION IQ uses Agentic AI to gather contextual information from disparate
systems, form a hypothesis, develop an action plan for testing the hypothesis,
conduct the investigation, and provide a detailed summary for review by one of
Ontinue's Cyber Defenders - all in a matter of minutes.
Industry analysts recognize the significance of this advancement.
"Ontinue's use of Agentic AI in its autonomous investigation represents
a significant leap forward in managed detection & response capabilities," said
Cathy Huang, Research Director at IDC. "It enables a level of
automation for the context gathering that was previously unattainable. This
innovation not only improves the speed and consistency of threat detection
and incident investigation but also empowers security teams to have a comprehensive
understanding of each incident, leading to more informed decision-making and
better business outcomes."