Hyperautomation for Security Teams

Six years ago, we founded DTonomy, a security automation company. As security software engineers and data scientists who had worked at the forefront of security operations — from building large-scale AI-based EDR systems to managing daily security operations — we were acutely aware of the challenges security teams face. Triaging security alerts during national holidays, where 99% are false positives, is both exhausting and time-consuming. Fully investigating each alert carries the risk of missing critical issues, underscoring the urgent need for automation. From day one, our mission was clear: to relieve the overwhelming burden on security teams by harnessing the power of Automation and AI.

Traditional automation, or the first generation of SOAR tools, made strides in helping security teams manage risks. However, it has its limitations. Real-world security investigations and responses are often more complex than what’s shown in demos, involving numerous steps that blend technical processes with organization-specific business logic. This complexity demands dedicated development teams to build and maintain these solutions, making them resource-intensive.

Traditional automation typically focuses on API-related or simple script-based tasks, limiting the scope and generalizability of the automation that can be implemented. Some tasks require advanced intelligence that is not easily achieved with regular scripts. For instance, automating tasks such as blocking an IP address that requires managerial approval, or responding to suspected phishing emails, involves a blend of intelligence, NLP techniques, computer vision, and robotic process automation (RPA). Script-based methods alone often fall short of delivering seamless, comprehensive automation for these cases.

Traditional automation also tends to remain in the realm of simple actions, lacking strong reasoning capabilities and requiring skilled developers for constant tuning, refinement, and maintenance.

Hyperautomation addresses these challenges by enhancing traditional SOAR automation with three distinct features:

  1. Radical Simplicity: Hyperautomation simplifies automation through intuitive user experiences and smart connections between steps. Users can create automations using plain text descriptions, while AI handles the intricate details. This approach covers a wide range of security response use cases, making it easier for teams to implement and benefit from automation.
  2. Pushing Automation to the Limit: Hyperautomation integrates various techniques to enable complete end-to-end workflows. It leverages innovative technologies such as NLP for complex text analysis, computer vision for phishing image recognition, Generative AI for efficient incident summarization and guided threat hunting, and RPA for repetitive browser-based tasks. This combination allows automation to cover the full spectrum of detection, investigation, and response, unlocking automations that were previously impossible. These techniques enhance the efficiency and effectiveness of security teams, enabling them to tackle a vast array of use cases.
  3. Automation with Reasoning Capability (AI Agents): Unlike traditional automation, which is procedural, hyperautomation leverages Generative AI to go beyond routine tasks. AI agents within hyperautomation tap into the vast intelligence of global data, spontaneously identifying gaps, reasoning through alerts and cases, determining missing information, and figuring out the best next steps. These AI agents can also generate innovative threat-hunting ideas, query relevant intelligence online or through internal systems, and take autonomous actions until risks are properly mitigated. This dynamic intelligence enables security teams to stay ahead of evolving threats and respond more effectively.

Like traditional SOAR, hyperautomation integrates with hundreds of security tools, streamlining operations and serving as the core of a robust security automation system. It orchestrates the entire security ecosystem, ensuring seamless collaboration between all tools.

From day one, DTonomy was designed to unlock more automation for security teams, driven by our experience working in SOCs. The work is endless, risks are ever-present, and every SOC, regardless of size, faces limited resources. Automation is essential for SOCs to mitigate risks efficiently.

Stellar Cyber, the leading AI-based open XDR platform, has been adopted by thousands of security teams for detection, correlation, and response. We are thrilled to join forces with Stellar Cyber to empower their customers with the full potential of hyperautomation. By reducing the workload on security teams, they can focus on critical tasks. Our mission is to help every security team reduce risks by 10X through automation. I look forward to working with the Stellar Cyber team on incorporating our hyperautomation into their platform. Together, we can accelerate this mission and empower more customers at an even faster pace in the future.