Safety Detectives: Please share your company background, how you got started, and your mission.
DTonomy: DTonomy was founded by experienced security analysts who have worked in the SOC center of big companies such as Microsoft to address the challenge of alert fatigue.
While working on responding to a variety of security issues, we were frustrated by the overwhelming number of security alerts and repetitive false positives, and hyper-concerned about missing false negatives.
As companies are deploying more security monitoring and detection capabilities, the lack of skilled security analysts and resources is preventing them from taking proper actions quickly to respond to potential security issues. Given such a big gap between security detection and response, and the lack of good solutions in the market, we decided to start a company to address this gap.
Our mission is to enable security analysts to respond to all security issues quickly and easily, saving companies costs and reducing security risk.
SD: What is the main service your company offers?
DTonomy: We provide an AI-based security analysis platform for analysts to quickly triage security alerts.
SD: What is something unique that helps you stay ahead of your competition?
DTonomy: DTonomy’s unique AI capability enables companies to reduce time on investigations by 80% so that they can handle more security risks.
DTonomy’s AI-based cross-correlation and adaptive learning capabilities, instead of looking for anomalies, look for relationships between alerts; instead of manually figuring out the best detection logic, the system “learns out” false-positive patterns based on security analysts’ activities. Doing this provides analysts with a smaller number of automatically grouped alerts to review. In addition, the SOC team’s knowledge gained from the time-consuming consolidation and analysis will be kept and used to optimize future security operations responses automatically.
SD: What do you think are the worst cyberthreats today?
DTonomy: Attackers are constantly leveraging all kinds of techniques to break into systems. It is not that we do not have a solution to detect it. Instead, we have so many vendors that provide solutions to detect ransomware, phishing, DDoS, etc. The biggest threat is that all those true attack signals are buried in overwhelming false-positive signals that we cannot respond to properly and quickly!