Query.AI’s enhancements drive efficiencies in cybersecurity investigations

Siloed data is preventing organizations from gaining timely views into cybersecurity risks. To help customers more quickly access, investigate, and respond to threats in their cloud, SaaS, and on-prem ecosystems, Query.AI introduced new capabilities for its security investigations control plane.
The most recent platform enhancements, which include automated alert triage, one-click response actions, and streamlined and detailed ticketing capabilities, are intended to help companies more rapidly, accurately, and cost-effectively complete their cybersecurity investigations.

The Query.AI platform serves as connective tissue: it delivers federated search so investigations can run across data silos without first centralizing all security data in a single store.

It provides a browser-based interface that connects to existing security tooling through APIs. Security teams can query across security systems and contextual data stores with a single query, expressed as free text, natural language, or Unified Query Language (UQL).

“Our team was, essentially, in a reactive mode looking individually at 60 technologies to surface answers for security investigations. Purely measuring cyber resiliency based on the labor needed to look at 60 tools and do the deep security analysis, we weren’t set up for success,” said Chris Borkenhagen, COO & CISO for AuthenticID.

“Query.AI is our solution-of-choice for centralized observability and incident management. The broad-based ability to access, investigate, and respond to what’s happening in every one of our core environments through a single console gives us speed and efficiency. Our ability to identify, react, and quarantine is significantly faster and, as a result, more cost effective.”

New Query.AI platform capabilities include:

  • Automated alert triage — enriches and normalizes security alerts, adding the context needed to judge what is relevant, what the potential impact is, what to prioritize, and where to begin.
  • One-click response actions — trigger response actions in integrated tools and infrastructure directly from the Query.AI console, with outcomes in minutes. For example, resetting a password, or locking, blocking, or isolating a user, IP address, or host, is a single click. Because these actions change account and network state, they should be restricted by role and audited like any other privileged operation.
  • Streamlined and detailed ticketing — integrates with IT Service Management (ITSM) solutions, giving security analysts a single place to view alerts and tickets and to create and assign new tickets.

Earlier this year, Query.AI was named a 2021 Gartner Cool Vendor in Security Operations, and recognized by Forrester Research, Inc. in its “New Tech: Extended Detection and Response (XDR) Providers, Q3 2021” report.

The latest Query.AI platform release is available now.
