Ontinue is a leading provider of AI-powered managed extended detection and response (MXDR) services. Pulse 2.0 interviewed Ontinue’s VP of Security Operations, Craig Jones, to learn more about the company.
Craig Jones’ Background
Can you start by sharing more about what led you to Ontinue and what your role is within the company?
Jones: “As the Vice President of Security Operations, I am responsible for overseeing Ontinue’s four Security Operations Centers (SOC) distributed across the globe and the teams staffing them.”
“Prior to Ontinue, I spent eight years with the cybersecurity solutions provider, Sophos. As Senior Director of Global Security Operations, I directed Sophos’ worldwide security operations program. I am currently a GIAC Certified Incident Handler (GCIH) and a Certified Information Systems Security Professional (CISSP).”
“An active member of the cybersecurity community, I have volunteered as director of BSides Cymru/Wales since 2019. I am also a frequent speaker and noted thought leader, recognized as an expert in incident response, SIEM, SOC detection, SOC automation and threat intelligence.”
Background About The Company
Can you share some background on Ontinue as a company?
Jones: “In today’s complex cybersecurity landscape, organizations face evolving threats, limited budgets, and staff shortages. Managed detection and response (MDR) has emerged as a solution for overwhelmed teams striving to protect their organizations. However, many managed security vendors fail to deliver on their promise of 24/7 coverage due to a lack of understanding of the client organization’s unique environment.”
“Ontinue provides tailored managed security operations for Microsoft security customers, leveraging our 24/7 follow-the-sun Security Operation Centers and Ontinue ION, our MXDR platform, supported by advanced AI-powered security and collaboration tools. We integrate AI, automation, and human expertise to minimize risks and optimize SecOps costs.”
Leveraging AI For Managed Detection And Response Services
How does Ontinue leverage AI in their Managed Detection and Response services?
Jones: “Our team of data scientists, security experts, and Microsoft specialists set out to reimagine MDR through the lens of AI. We built our service on an AI technology platform that augments human intelligence to enable smarter, more precise communication, smoother teamwork, and transparency every step of the way.”
“Ontinue ION, our managed extended detection and response (MXDR) service, is different. We’ve developed a proprietary customer data model that we use to tailor our services to an organization’s assets, processes, rules of engagement, users, and more. Mapping their environment onto our customer data model in this way allows us to harness the power of AI and the speed of automation. That translates to faster, higher quality, and more transparent incident resolution – delivered by our 24/7/365 globally distributed Cyber Defense Center.”
“A few of our differentiators include:
- Tailored to an organization’s unique environment, then automated for them – With our proprietary AI-powered platform, we localize service and accelerate automation based on insights into an organization’s environment and operations.
- Delivered by experts – We help organizations consolidate their security stack using Microsoft’s XDR and SIEM ecosystem. Our unmatched expertise with Microsoft 365 Defender and Sentinel empowers them to remove redundant controls and reduce their data ingestion costs.
- Built for transparent collaboration – Security teams can collaborate in real time with our Defenders, Advisors, and AI chatbot—right in Microsoft Teams—for faster decision-making and easy access to information.
- Prevention-focused – ION isn’t just reactive. Our service includes prioritized, measurable recommendations for posture-hardening and threat prevention.”
Threat Intelligence Report For 2023
At the beginning of this year, Ontinue released its Inaugural Threat Intelligence Report. What are some key takeaways/trends that Ontinue saw in 2023?
Jones: “As cyber attackers are becoming increasingly sophisticated, using advanced techniques such as social engineering, ransomware, and supply chain attacks to breach organizations’ defenses, Ontinue’s 2023 Threat Intelligence Report provides a comprehensive overview of industry-specific threats and trends prevalent to the cybersecurity landscape.”
“To highlight a few:
- QR Phishing (“Quishing”) – In 2023, we saw the rise of the QR phishing email. A simple yet effective method to bypass common security controls. The email could be as simple as a single image, designed to look like the Microsoft authentication MFA message that we see all the time. Victims are scanning the codes on their mobile devices (which often sit outside of an organization’s security controls), leading them to an imitation Microsoft login screen to enter their credentials. The reason this was so effective in bypassing common security controls was the simplicity of the email contents. Typically, Microsoft Defender for Office 365 scans attachments and links within emails to detect phishing attempts or malicious software. However, the QR code effectively bypasses this layer of security because the malicious link is embedded within the QR code image.
- Exploitation of AI and ML – AI and ML technologies continue to advance and threat actors have begun leveraging them for malicious purposes. From generating convincing deep fake content to evading traditional security measures through adversarial attacks, AI and ML have become a double-edged sword. Protecting AI and ML systems from exploitation requires a combination of algorithmic defenses, robust training data, and ongoing security research.
- Escalation of Ransomware Attacks – Ransomware attacks have reached new heights in 2023, with threat actors employing more sophisticated techniques, targeting organizations of all sizes and industries. These attacks have resulted in significant financial losses, operational disruptions, and compromised sensitive data. Threat actors have increasingly adopted double-extortion tactics, threatening to leak stolen data if the ransom is not paid, amplifying the impact on victim organizations. Robust backup strategies, employee training, and security awareness programs are critical defenses against ransomware attacks.”
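A defender-side triage check for the image-only quishing pattern described in the answer above, added here as an example and not part of the interview or of Ontinue’s tooling. It parses a MIME message with Python’s standard `email` module and flags messages that carry an image but no scannable link and almost no text, so they can be routed to a QR-decoding step (not included) rather than passing link scanning untouched. The sample messages, addresses and lure keyword list are constructed.

```python
# Added example (not Ontinue's code): flag image-only mail for QR decoding.
# Assumes RFC 5322 input; sample messages, addresses and keywords are constructed.
import email
import re
from email import policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")
LURE_WORDS = ("mfa", "authenticat", "verify", "microsoft")


def triage(raw: str) -> dict:
    """Counters plus a verdict: an image with no URL and little text is the shape link scanners cannot see through."""
    msg = email.message_from_string(raw, policy=policy.default)
    text, images = "", 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            text += part.get_content()
        elif ctype.startswith("image/"):
            images += 1
    urls = URL_RE.findall(text)
    words = len(re.findall(r"[A-Za-z]{3,}", TAG_RE.sub(" ", text)))
    subject = str(msg["subject"] or "").lower()
    return {
        "images": images,
        "urls": len(urls),
        "words": words,
        "mfa_lure": any(k in subject for k in LURE_WORDS),
        "needs_qr_decode": images > 0 and not urls and words < 20,
    }


def build_sample(image_only: bool) -> str:
    msg = EmailMessage()
    msg["Subject"] = "Action required: Microsoft MFA update"
    msg["From"] = "it-support@example.test"
    msg["To"] = "user@example.test"
    if image_only:
        msg.set_content('<html><body><img src="cid:qr"></body></html>',
                        subtype="html")
        # Placeholder bytes, not a real PNG or QR code.
        msg.add_related(b"\x89PNG constructed-placeholder",
                        maintype="image", subtype="png", cid="<qr>")
    else:
        msg.set_content("Please review the quarterly report at "
                        "https://intranet.example.test/report before Friday.")
    return msg.as_string()
```

Messages flagged with `needs_qr_decode` should be decoded and their embedded URLs fed through the same link-scanning pipeline that already handles visible hyperlinks.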
What Cybersecurity Trends Organizations Should Look For
Based on the findings from Ontinue’s report, what cybersecurity trends should organizations look out for in 2024?
Jones: “IT and security teams need to prioritize preparedness against AI-driven threats, IoT vulnerabilities, hacktivist activities, and evolving ransomware operations in 2024. By staying informed about emerging trends and implementing proactive cybersecurity measures, organizations can better protect their assets and mitigate the risks associated with evolving cyber threats.”
“Some specific cyber threat trends that organizations should watch out for include:
- AI Exploitation – The increasing integration of artificial intelligence (AI) into both beneficial and nefarious activities poses a significant challenge. Threat actors are expected to leverage AI for social engineering and sophisticated attack strategies, potentially circumventing traditional security measures. Additionally, the rising adoption of biometric security measures may prompt attackers to utilize AI to bypass these authentication methods.
- IoT Vulnerabilities – The proliferation of Internet of Things (IoT) devices, coupled with the widespread deployment of 5G networks, expands the potential attack surface for cybercriminals. Mobile devices, in particular, are prime targets for access point exploitation and credential harvesting. The scenario resembles the risks observed during the webcam DDoS attacks in 2016, indicating a need for heightened vigilance and robust security measures to safeguard against IoT-related threats.
- Hacktivism & Hacks-for-Hire – Geopolitical conflicts and tensions, such as the war in Ukraine and regional disputes like the Israel-Hamas conflict, may fuel hacktivist activities aimed at disrupting opposing forces. Furthermore, the prevalence of hack-for-hire operations is on the rise, where mercenaries offer their services to any paying entity without allegiance. Organizations should be prepared for potential cyber disruptions orchestrated by hacktivist groups and take proactive measures to defend against such attacks.
- Evolving Ransomware Operations – Ransomware tactics continue to evolve, with threat actors constantly adapting their payloads and methods to maximize impact. Notably, extortion strategies have expanded beyond data encryption, as demonstrated by incidents like those attributed to fictitious groups such as ‘Alphv/blackcat’ in late 2023. Victims may face threats of data leaks and reports to law enforcement agencies, leading to potential fines and regulatory scrutiny. IT and security teams must enhance their ransomware defenses and incident response capabilities to mitigate the growing threat posed by these sophisticated attacks.”
Cybersecurity Best Practices
What are some cybersecurity best practices for organizations to prevent business disruption this year?
Jones: “As organizations strive to develop a stronger security posture to reduce the risk of cyber threats and data breaches, some best practices are:
- Regular Software Updates and Patch Management – Keeping all software, including operating systems, applications, and security tools, up to date is crucial. Regularly install patches and updates released by vendors to address vulnerabilities and protect against known threats.
- Strong Access Controls and Authentication – Implement robust access controls to ensure that only authorized users have access to sensitive data and systems. Enforce the principle of least privilege, where users are granted only the minimum level of access required to perform their duties. Utilize multi-factor authentication (MFA) to add an extra layer of security beyond passwords.
- Employee Training and Awareness – Invest in cybersecurity training and awareness programs to educate your employees regarding common threats such as phishing, social engineering, and malware. Encourage a culture that embraces security consciousness and provides regular updates on emerging threats and best practices.
- Regular Data Backups and Disaster Recovery Planning – Implement a comprehensive backup strategy to regularly back up critical data and systems. Ensure that backups are stored securely and can be easily restored in the event of data loss or a ransomware attack. Develop and regularly test a disaster recovery plan to minimize downtime and data loss in the event of a cyber incident.
- Network Segmentation and Monitoring – Segment your network to isolate critical systems and sensitive data, limiting the potential impact of a security breach. Implement network monitoring tools to detect and respond to suspicious activity in real-time. Monitor network traffic, user behavior, and system logs for signs of unauthorized access or malicious activity.”
Customer Success Stories
Can you share a specific customer success story?
Jones: “Recently, we worked with The College of Southern Nevada when they set out to make their valuable personally identifiable information (PII) and research data safe from cyber-adversaries. Their team was spending too much time putting out fire drills in order to keep their community safe and secure – largely because the cybersecurity solutions they were using were complex and it was becoming increasingly tiresome to hire, train, and keep qualified security personnel. The do-it-yourself model became extremely costly and difficult to manage. CSN partnered with Ontinue by outsourcing its entire Security Operations Team to the team, using fewer resources and costs than they would have to build one internally. Thanks to the Ontinue ION Cyber Defense Center, CSN is saving 183 hours and the equivalent of 3.5 full-time engineers each week.”
“Ontinue also worked with SmartestEnergy, a renewable energy solutions provider who needed a more comprehensive cybersecurity strategy as the company grew. One of the major pain points that SmartestEnergy faced before partnering with Ontinue was a lack of visibility into potential threats and vulnerabilities in their cloud and on-premises environments. Ontinue has been able to solve this problem by providing a 24/7 Managed Security service with automated alert triage, as well as guidance on how to address any issues that may arise. This greatly increased SmartestEnergy’s Microsoft Secure Score — and gave the team peace of mind.”
Future Company Goals
What are some of Ontinue’s future company goals?
Jones: “Ontinue will continue to focus on advancing our cybersecurity services by further integrating artificial intelligence and human expertise. We aim to continue deepening our understanding of our customers’ environments, teams, and operations to deliver tailored managed security solutions. Our focus is on driving innovation in AI and automation to offer highly localized protection, empowering security teams to operate with increased efficiency and effectiveness.”