
MSSP Vendors Bring AI Advancements to Black Hat USA


Black Hat USA in Las Vegas this week has had no shortage of cybersecurity companies announcing new AI-powered solutions, many of them with MSSPs in mind. MSSP Alert has covered many of these in this week's MSSP Market News, and we are providing a deeper dive into a few solutions here.

One such vendor is D3 Security, a smart security orchestration, automation, and response (SOAR) specialist, which announced the release of Ace AI.

What is Ace AI and How Can it Help MSSPs?

Ace AI adds new capabilities to D3’s Smart SOAR platform, which applies AI to make security operations faster and more intuitive, the company said. Smart SOAR performs autonomous triage and reduces false positives so that MSSPs and security teams can spend more time on real threats, D3 said.

"For us, it was important to only add AI if we thought it would actually provide significant value to the security analysts, engineers, and managers that use Smart SOAR every day,” D3 founder and president Gordon Benoit told MSSP Alert. “Everything we do at D3 is about making security operations faster and easier, without compromising on power, reliability, and scalability. Ace AI takes that to the extreme by connecting users to Smart SOAR’s sophisticated capabilities via simple, natural language prompts."

Benoit noted that his company works with a lot of MSSPs, so their R&D investments are made with service providers' needs in mind.

“Something we’ve been talking a lot about recently is turning down the noise in the SOC,” he said. “That can mean alert noise, but it also means the busywork, such as writing reports, searching through a menu for the right command, or learning the interface of yet another security tool that distracts from important security tasks. MSSPs get the worst of these challenges because they work with so many customers and different tools.”

Benoit said that Ace AI is designed to cut through that noise with AI-powered search and investigation.

“It generates your incident summaries for you. It gives you MITRE’s recommended remediation actions. It finds the command you’re looking for. For MSSPs, that will mean getting a lot of valuable time back.”

Ace AI makes it easier to perform investigations and incident response using Smart SOAR, enabling less experienced team members to quickly provide value, D3 said.

Smart SOAR with Ace AI benefits include:

  • AI-Generated Playbooks. The playbooks translate natural language prompts into automated Smart SOAR playbooks, which accelerates the playbook-building process while reducing the tool’s learning curve and minimizing human error.
  • AI-Powered Search. Ace AI takes natural language search queries and uses its contextual knowledge to automatically retrieve the appropriate command. This keeps investigations moving forward instead of getting bogged down in repetitive, manual searches.
  • AI-Powered Investigations. Ace AI takes all the relevant context of an investigation — including related incidents, artifacts, notes, playbook actions, dynamic form content, and MITRE TTPs — to automatically generate incident summaries, findings and analysis summaries, and recommended remediation actions.

D3 Unveils Competitive SOAR Migration Tool

D3 has also introduced its Legacy SOAR Migration Program at Black Hat. The program enables organizations to move from other SOAR tools to D3’s Smart SOAR quickly, with minimal burden on the team, the company said. The company noted that 70% of its new customers come from competitive SOAR tools.

“As a security automation vendor, we believe in handling complexity on behalf of our users, so they can focus on what they do best,” Benoit said. “That’s why our team builds, tests and maintains all our integrations in house. That’s why we’ve spent the past year doing research into common combinations of tools and optimizing playbook functionality for each stack. Ace AI is another step toward that goal, because it streamlines the user experience while executing complex processes in the back end.”

SentinelOne Updates Singularity Platform, Forges Mandiant Deal

SentinelOne also announced AI innovations at Black Hat, including the general availability of Singularity MDR and Singularity MDR + DFIR. Combining SentinelOne’s AI-powered Singularity Platform with the company’s security expertise, the new MDR service provides enterprises with coverage across endpoints, identities, networks, cloud workloads and more, empowering them to secure their environments in an efficient, cost-effective and scalable way.

SentinelOne also announced that it has become a strategic endpoint vendor for Mandiant Consulting. Building on this partnership, SentinelOne is integrating its AI-driven autonomous endpoint protection with Google Cloud’s (Mandiant is a Google Cloud company) threat intelligence to help their customers to strengthen their security posture.

The companies will share telemetry data, which will give customers the most comprehensive security insights available and empower them to bolster their defenses against the latest threats. SentinelOne said it will use this data with Google Gemini 1.5 Pro and Flash models to further enhance the autonomous capabilities of Purple AI and Singularity Platform and deliver the future of enterprise security.

Stellar Cyber Brings AI to Unified Platform

Stellar Cyber, an Open XDR specialist, introduced its Multi-Layer AI offering this week. Multi-Layer AI incorporates four distinct technologies: machine learning (ML), graph ML, generative AI and hyper automation, all in a single unified platform that reduces threat detection and response time. Check out MSSP Alert's full coverage of that announcement here.

This new approach applies AI at multiple steps in the detection, correlation and response process to reduce alert volume, prioritize and correlate threats, counsel analysts and respond automatically.

Stellar Cyber’s aim is to make AI consumable and easy to buy. Wei notes that this is an important distinction for MSSPs because it makes detection and response much faster and easier.

“We have all these AI variants in one platform and that is key and a huge differentiator in our view,” Wei said. “It drives a better profit-and-loss or margin outcome for MSSPs. It’s an important distinction for MSSPs because it makes detection and response much faster and easier, which makes them more competitive. By making their teams much more productive, it also improves their margins.”

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.
