Your team’s most valuable resource is time. Every second counts during a cybersecurity event, and every moment your team spends on chasing false alarms, decoding alerts, or completing repetitive tasks detracts from critical effectiveness and efficiency.
Trend Vision One™ – Companion, a new generative AI security assistant, draws on decades of AI and ML innovation from the global team of industry-leading experts behind the Trend Vision One™ cybersecurity platform. By enabling SOC teams to accelerate daily workflows, Companion is a catalyst for improved performance to ensure your complete digital attack surface, from email, to endpoint, network, and cloud, remains secure.
“Trend is coming to the industry with an intelligent generative AI approach that has the potential to enhance security outcomes and bridge the gap between knowledge and execution in the SOC,” said Jon Oltsik, distinguished analyst and fellow at TechTarget’s Enterprise Strategy Group. “Companion can help cybersecurity teams gain better security insights, accelerate threat detection and response, and bolster their defences. I’m looking forward to seeing the acute impact this technology will have for security practitioners, but also the broader implications in addressing the industry’s staffing and talent shortages.”
Using a plain-language interface, Companion empowers users of every skill level with generative AI’s powerful analytical capabilities to enhance their performance and productivity, including:
- Explaining and contextualising alerts
- Triaging and recommending actions
- Decoding complex scripts
- Developing and testing sophisticated search queries
A Powerful, Intuitive AI Tool
Generative AI is the latest evolution of large language model (LLM) AI algorithms, which analyse immense data sets to not only understand and summarise information, but also produce new content. Companion channels the unprecedented speed and intelligence of this new AI model to keep security teams working at peak efficiency.
Just like a calculator aids students, scientists, and statistical analysts in performing simple to complex calculations based on their skill level, our generative AI assistant, Companion, equips individuals with different expertise levels to swiftly enhance their understanding, reducing the mean-time-to-understand and empowering them to independently make faster and more informed decisions.
The best part is users have complete control over when they utilise Companion's assistance, ensuring more experienced team members can continue their existing workflow seamlessly with or without support.
Lowering the barrier to entry for complex work enhances accessibility and improves your cybersecurity team’s output. When even junior analysts contribute more, faster, you can minimise the impact of the industry-wide cybersecurity skills shortage on your organisation.
Use case 1: Alert illumination and contextualisation
With predictive risk insights, in-depth native sensor coverage, and leading threat intel, the Trend Vision One platform delivers unprecedented understanding of your digital attack surface.
Companion works in harmony with the broader platform to revolutionise the way XDR alerts are handled by facilitating quicker understanding and more effective triaging, as well as contextualised AI-driven recommendations for security events.
Let’s consider an example of a complex multi-step, multi-layer attack. Previously, the volume of data such an attack generates could overwhelm an analyst.
Now, a security analyst can easily prompt Companion for a plain-language summary of the event and receive a comprehensive breakdown that explains the attack, correlates the tactics and techniques, and surfaces the scope and impact. With that breakdown, the analyst can immediately orchestrate an effective response and inform new automated playbooks in the future.
Concurrently, Companion alleviates the requirement for tedious paperwork and reporting by automating email, help-desk ticketing, and incident reporting to streamline incident response workflows and save valuable time.
Use case 2: Developing search queries
When your team is stretched thin, it can feel impossible to control your cyber risk while keeping pace with emerging threat actor tactics and techniques. Companion can augment your existing team by automating repetitive tasks, reducing false positives, and pinpointing threat activity with greater accuracy.
Companion accelerates time-to-identification during threat hunts and helps analysts identify and respond to threat activity faster to stop a full breach before it has the chance to materialise.
Mastering hunting queries and search languages can be challenging. Because of their complexity, analysts will often resort to simpler queries—which might overlook crucial insights and threats in your environment.
Using Companion’s plain-language interface, security analysts can now build sophisticated queries to hunt for threats with greater accuracy and with fewer errors. By transforming plain-language search queries into formal syntax, analysts at any skill level can now rapidly execute queries to return more accurate results. It’s a fast and effective way to level the playing field between your team and adversaries.
Use case 3: Understanding complex scripts
Adversaries often leverage ‘Living Off the Land’ tools to stealthily gain entry to your environment by using common and legitimate tools like PowerShell and Mimikatz. Attackers will encode scripts to hide them and slow down response time during a breach. Companion can return the advantage to your team by autonomously investigating attacker scripts, decoding them, and explaining each command line in plain language to enable fast and effective response when there’s no time to spare.
In the scenario of a PowerShell script, Companion can be prompted to analyse and break down the script into individual command lines, identify command line components, interpret the purpose and intended action, and then generate a human-readable and user-friendly explanation.
Working in tandem with XDR, the analyst becomes rapidly aware of the potential threat implications and the necessary context to prioritise and respond—all with little manual effort.
With rapid analysis of attack scripts in plain language, Companion helps your team understand threats faster to stop attacks quickly and limit their scope. With insights and context from Companion’s deep analysis, your team will accelerate time-to-value from their investigations and bolster your environment against future attacks.
To learn more about Companion, join our webinar on June 28th at 11 ET to hear the latest on this generative AI-powered assistant.