Ontinue ION: Nonstop SecOps Operationalizes Security

Operationalizing security is rife with challenges, including the vast number of threats, the complexity of tools, and the well-documented global talent shortage. So legacy MSSPs and managed detection and response (MDR) service providers stepped up to provide 24/7 threat detection. But customers continue to struggle with several key issues.

Customers want to get faster at detection, but also response. They want to proactively reduce risk – by preventing more and needing to respond to less. And they want to do all of this while reducing complexity, increasing efficiency and saving money. To do more with less.

Now, there’s a service that delivers: Ontinue ION.

Built for Microsoft

Ontinue ION is the managed extended detection and response (MXDR) service that puts the nonstop in Nonstop SecOps. What do we mean by that? To break it down, ION dramatically accelerates detection and response, matures your security posture, and improves SecOps efficiency.

By plugging into the Microsoft security stack, ION maximizes the value of your Microsoft security controls to protect multi-cloud, multi-device environments. ION delivers extensive automation workflows for incident triage, investigation, and response – all using the Microsoft control plane. And it’s all supported with a Teams-based interface that enables real-time collaboration between our teams and yours, inside of your existing collaboration platform.

A new model for engagement

When you work with ION, you’re assigned a Cyber Advisor. This technical account manager works directly with your organization to continually improve your security posture and understand your environment – including identifying critical applications and assets, key stakeholders and existing processes. This allows your designated team of Cyber Defenders within the Cyber Defense Center (our global SOC) to tailor detection and response based on a deep understanding of your environment’s risk profile and operational constraints.

Our Cyber Defenders monitor your environment 24/7 using a follow-the-sun model that ensures continuous coverage without needing to resort to night shifts that hinder efficacy – no one is at their best at 2:00 am local time. In addition to nonstop monitoring, our Threat Hunting team conducts ongoing proactive threat hunts, alerting you to any high-risk discoveries they’ve detected. All relevant information related to incidents and discoveries is surfaced directly within Microsoft Teams, making it easy for your team to consume from any device at any time.

Each quarter, your Cyber Advisor conducts a review of your security posture, including how your security score has changed over the quarter, incident history, prioritized vulnerabilities, threat hunt outcomes, and more – packaged up in an Action Report that details the most impactful actions we recommend to improve your posture and limit future incidents.

Key differentiators that deliver

Ontinue ION provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk:

  • Automation: ION Automate leverages a data science team and AI-driven automation to accelerate numerous security operation tasks, from triage to resolution.
  • Collaboration: The right people have access to the right information in real time, thanks to ION for Microsoft Teams.
  • Localization: ION brings a tailored, risk-based approach to cybersecurity, understanding your environment, operations, and teams at a fundamental level.
  • Specialization: No one knows Microsoft like we do. Ontinue ION is purpose-built to get the most out of your Microsoft ecosystem.
  • Prevention: Designated advisors proactively improve your security posture through continuous assessment and review of incident history, environment, posture and risk profile to guide prevention activities.

But it’s how we use these capabilities to deliver results that matters to your organization.

Your organization’s outcomes

Ontinue ION delivers real results for your business, including these key outcomes:

Effectiveness: Ontinue ION is more effective at preventing incidents because we’re constantly measuring and assessing your security score. We’re improving your security posture on the assets that matter. We’re identifying and prioritizing vulnerabilities based on exploits and asset criticality. And we’re conducting regular threat hunts and reviewing incident trends.

Accelerated detection and response: ION’s highly trained cyber defenders are deployed at SOCs worldwide, and our data scientists are continuously modeling the activity and behavior of defenders to spot inefficiencies, bottlenecks – and patterns of success. We use this to drive high levels of automation, including full automation of Tier 1 activities such as detection, investigation, enrichment and triage or response. When we can’t automatically resolve an incident, our Cyber Defenders leverage additional automation to speed up Tier 2/3 investigation and can trigger automated responses for fast containment and resolution. We understand your environment, have the context to make better and faster decisions, and engage in real-time collaboration through Microsoft Teams.

Doing more with less: ION helps you take full advantage of the Microsoft security stack, so you can retire superfluous controls and reduce operational complexity and burden through automation. Because we understand your environment, we can tackle more tasks, reducing the burden on your team and helping all of us to prioritize our efforts where they have the greatest impact. Because ION analyzes your ongoing Sentinel ingestion costs on a per-data connector level, we can determine which sources provide the optimal cost-to-security ratio and work with your team to tune ingestion to keep costs under control without compromising security. Our innovative Microsoft Teams interface allows us to truly act like an extension of your team, embedded into your collaboration environment. All of this means you’ll reduce your capital expense, operational expense, and data expense for security.

By providing always-on monitoring with a deep understanding of your environment, nonstop, Ontinue ION is the MXDR service of choice for Microsoft security customers that want to accelerate detection and response, proactively reduce risk and reduce costs.

Learn more about Ontinue ION and how we deliver Nonstop SecOps.

Article By

Dave Martin
Vice President, Product Management, MXDR Services

As vice president of product management, managed extended detection and response (MXDR) services for Ontinue, Dave is responsible for all aspects of the company’s product management, product strategy, roadmap and full life-cycle management.