Devo Technology unveiled Devo DeepTrace, an autonomous alert investigation and threat hunting solution that uses attack-tracing artificial intelligence (AI) to advance how security teams identify attacks, investigate threats and secure their organizations.
DeepTrace augments the work security analysts do by building complete traces of suspicious activity detected across an organization’s infrastructure, which alleviates much of their mundane, repetitive tasks.
“Today’s SOCs are under strain and SOC analysts in particular are overwhelmed with the ever-increasing volume of alerts and threats,” said Rakesh Nair, VP of engineering at Devo.
“Humans can’t scale at the same pace of data and threats, so we need to augment analysts and threat hunters with automation technologies and AI. DeepTrace takes an alert and translates it into a full summary of events by asking a series of questions. In return, the analyst can review pre-investigated and fully contextualized attack traces to mitigate them instead of drowning in data and chasing false positives,” added Nair.
DeepTrace helps analysts by performing investigations as they would but at machine speed and scale. Starting with an event or an alert, its AI engine asks potentially hundreds of thousands of questions to autonomously construct traces fully and chronologically detailing an attacker’s actions.
DeepTrace then overlays its results against the MITRE ATT&CK framework, which provides analysts with advanced context and additional points of reference so they can analyze attacks, identify patterns, and assess existing defenses within the organization.
DeepTrace was designed to meet multiple use cases for today’s security teams:
- Autonomous investigations: DeepTrace autonomously investigates suspicious events and alerts using attack-tracing AI. It identifies each step in the attack chain, providing a full, evidence-based timeline of the attack. Each trace offers critical information that an analyst needs to nullify the threat.
- Autonomous threat hunting: DeepTrace helps threat hunters quickly construct and configure new hunts that map to MITRE ATT&CK framework tactics and techniques. Once refined and validated with the use of autonomous investigations, these can be converted to new cadence-based threat detections.
- Optimized incident response: DeepTrace harnesses the organization’s data to perform retroactive hunts that find attacks and malicious activity. Once an actual attack is identified, DeepTrace produces interactive traces and reports documenting an attacker’s footsteps.
DeepTrace ensures that security teams are able to comprehensively investigate threats by rapidly tracing attacks, which fundamentally changes the way organizations discover and thwart their adversaries while protecting the business.