Autonomous investigation is a technology that provides advanced threat detection and automated incident response to achieve comprehensive threat remediation and prevent long-dwelling breaches. This technology provides the full scope of all security incidents instantly to augment the threat detection, investigation and remediation process and creates a comprehensive view of each cyber incident by combining disparate alerts, events, and logs into one narrative.
It reduces the noise of false-positive alerts and provides automatic incident investigation, which dramatically shortens the response time of cybersecurity teams, raising overall protection levels and saving costs. Autonomous investigation improves cyber defense and proactive security practices such as threat hunting, widens visibility into breaches originating from vulnerable IoT appliances, and detects malware that typically bypasses endpoint detection, especially file-less and BIOS-level attacks.

It works by continuously collecting large volumes of network security log data from the web proxy (secure web gateway) for updating and analysis, and by grouping events that are significantly correlated and unique in their behavior into distinctive clusters using machine learning. Once it identifies a suspicious cluster, it presents the analyst with a full narrative and incident report complete with all related forensic evidence.
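The pipeline described above (collect proxy logs, correlate events into clusters, turn a suspicious cluster into an incident narrative with its evidence attached), as an added illustration that is not code from the original page or from any product: the log lines are constructed, the correlation key (client, host) and the beacon-like regularity check stand in for the unspecified machine-learning clustering, and the thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed secure-web-gateway log lines (not real traffic): time client host status
PROXY_LOG = """\
2024-03-01T09:00:00 10.0.0.5 cdn.example.net 200
2024-03-01T09:00:04 10.0.0.5 updates.example.org 200
2024-03-01T09:05:00 10.0.0.5 cdn.example.net 200
2024-03-01T09:10:00 10.0.0.5 cdn.example.net 200
2024-03-01T09:15:00 10.0.0.5 cdn.example.net 200
2024-03-01T09:20:00 10.0.0.5 cdn.example.net 200
2024-03-01T09:03:17 10.0.0.9 news.example.com 200
2024-03-01T09:41:02 10.0.0.9 mail.example.com 200
"""

def parse_log(text):
    """Turn raw lines into event dicts; malformed lines are skipped, not fatal."""
    rows = (line.split() for line in text.splitlines())
    return [{"ts": datetime.fromisoformat(p[0]), "client": p[1], "host": p[2], "status": int(p[3])}
            for p in rows if len(p) == 4]

def score_cluster(cluster, min_events=5, max_jitter=0.1):
    """Flag a cluster whose request intervals are nearly constant (beacon-like).
    min_events and max_jitter are assumed thresholds, not values from the page."""
    if len(cluster) < min_events:
        return None
    times = sorted(ev["ts"] for ev in cluster)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    jitter = statistics.pstdev(gaps) / mean if mean else float("inf")
    if jitter > max_jitter:
        return None
    return {"events": len(cluster), "period_s": mean, "jitter": round(jitter, 3),
            "first": times[0].isoformat(), "last": times[-1].isoformat()}

def build_narrative(text):
    """Correlate events by (client, host), then emit one incident per suspicious cluster,
    carrying the raw event timestamps as the forensic evidence for the analyst."""
    clusters = defaultdict(list)
    for ev in parse_log(text):
        clusters[(ev["client"], ev["host"])].append(ev)
    incidents = []
    for (client, host), evs in clusters.items():
        summary = score_cluster(evs)
        if summary:
            incidents.append({"client": client, "host": host, **summary,
                              "evidence": [e["ts"].isoformat() for e in evs]})
    return incidents
```

On the constructed sample, only the 10.0.0.5 to cdn.example.net cluster (five requests exactly 300 s apart) becomes an incident; the single benign requests from 10.0.0.9 never reach the analyst.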