Empowering Intezer’s AI Analyst to triage identity-based threats with new integrations, smart queries, and context-driven decisions—just like a human analyst would.
A Smarter AI Analyst
Our AI Analyst is evolving. With integrations for Microsoft Entra ID and Okta, two of the most widely deployed identity providers, it is now equipped to tackle identity-based threats with the precision and expertise of a seasoned SOC analyst. By leveraging context, asking questions, and making informed decisions autonomously, these updates take security operations to the next level.
These integrations mark a major milestone, bringing us closer to the vision of the Autonomous SOC — a security solution that offloads repetitive, mundane tasks like triaging large volumes of alerts. This allows security analysts to focus on critical priorities instead of chasing false positives. By automating workflows and reducing mean time to resolution (MTTR), Intezer empowers SOC teams to respond faster and smarter than ever before.
The Challenge: Complex and Time-Consuming Identity Alerts
Identity-related alerts—such as suspicious logins, impossible travel, or anomalous access attempts—demand in-depth investigation. Analysts must:
- Pull logs and query identity providers
- Cross-reference IP addresses, domains, and other artifacts against threat intelligence databases
- Contact users or managers and verify they recognize the activity
These time-intensive tasks slow down response times, increase MTTR, and drain resources, making it difficult for teams to focus on critical threats.
The Solution: AI-Driven Identity Alert Triage

Intezer’s AI Analyst integrates with identity providers like Entra ID and Okta to autonomously triage identity alerts. By combining smart queries, contextual data enrichment, and AI-driven decisions, it replicates the investigative approach of a human analyst, dramatically improving precision and response times.
Key Features:
- Smart Queries Against IDP Data: Automatically enrich alerts with user activity logs, domain permissions, and suspicious patterns directly from identity providers.
- Autonomous Decision-Making: Analyze the entire alert and its enriched data, correlate with similar activity, and leverage threat intelligence to distinguish expected behavior (e.g., a location change caused by an enterprise VPN egress) from suspicious behavior.
- Automated User Feedback Requests: Proactively contact users, managers, or security teams via email, Slack, or other channels to validate activity; incorporate their feedback directly into the decision-making process to ensure accurate and actionable outcomes.
Example Use Case: Impossible Travel Alert
An impossible travel alert is triggered when an employee’s credentials are used to sign in from two locations so far apart that no one could have traveled between them in the time between the two sign-ins (for example, two continents a few minutes apart). Intezer’s AI Analyst automates the investigation in the following steps:
- Smart Queries pull recent login activity from the identity provider.
- The data is correlated with contextual information and cross-referenced against threat intelligence databases to determine whether or not the behavior aligns with normal patterns.
- If necessary, the AI Analyst contacts the employee or manager for validation via email, Slack, or other channels.
- Based on these findings the system proposes actionable next steps, such as:
  - Flagging the activity
  - Locking the user account
  - Blocking suspicious IPs
  - Escalating the case to the SOC team
Outcome: The AI Analyst autonomously determines whether the alert represents a true threat or a benign anomaly, reducing MTTR and enabling the SOC team to focus on higher-priority incidents.
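To make the steps above concrete, here is an added example of the same triage logic run over constructed sign-in events. It is not Intezer’s code and does not call Entra ID or Okta; the events, IP ranges (TEST-NET addresses), the 900 km/h plausibility threshold, the `KNOWN_VPN_EGRESS` list standing in for the VPN context the Key Features section mentions, and the `user_feedback` flag standing in for the email/Slack reply are all assumptions made for illustration. It shows why the VPN check has to come before anyone is contacted, and how the user’s answer turns the same evidence into either a closed alert or a lock-block-escalate recommendation.

```python
"""Impossible-travel triage over constructed sign-in events (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt

# Assumption: fastest plausible travel between two sign-ins, in km/h.
MAX_PLAUSIBLE_SPEED_KMH = 900.0

# Assumption: enterprise VPN egress ranges an analyst would check before
# calling a location change suspicious (constructed TEST-NET-3 range).
KNOWN_VPN_EGRESS = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class SignIn:
    """One sign-in event; field names loosely follow an IdP sign-in log."""
    user: str
    time: datetime
    ip: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def is_vpn_egress(ip):
    return any(ip_address(ip) in net for net in KNOWN_VPN_EGRESS)


def find_impossible_travel(events):
    """Yield (earlier, later, km, km_per_hour) for consecutive sign-ins that
    would require faster-than-plausible travel."""
    events = sorted(events, key=lambda e: e.time)
    for prev, cur in zip(events, events[1:]):
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        hours = (cur.time - prev.time).total_seconds() / 3600
        if km < 1.0:
            continue  # same place; ignore geolocation jitter
        speed = float("inf") if hours <= 0 else km / hours
        if speed > MAX_PLAUSIBLE_SPEED_KMH:
            yield prev, cur, km, speed


def triage(events, user_feedback=None):
    """Triage one user's recent sign-ins the way the use case describes.

    user_feedback is None until the user or manager has been asked, then
    True/False for "I recognise this activity" (stand-in for the reply).
    Returns a dict with verdict, next_steps and evidence.
    """
    hits = list(find_impossible_travel(events))
    evidence = [f"{a.ip}->{b.ip}: {km:.0f} km in "
                f"{(b.time - a.time).total_seconds() / 60:.0f} min ({v:.0f} km/h)"
                for a, b, km, v in hits]
    if not hits:
        return {"verdict": "no_impossible_travel", "next_steps": ["close alert"], "evidence": evidence}
    # Context check before bothering anyone: a hop to or from a corporate
    # VPN egress is an expected location change, not a compromise.
    if all(is_vpn_egress(a.ip) or is_vpn_egress(b.ip) for a, b, _, _ in hits):
        return {"verdict": "benign_vpn_egress", "next_steps": ["close alert (known VPN egress)"],
                "evidence": evidence}
    suspect_ips = sorted({e.ip for a, b, _, _ in hits for e in (a, b) if not is_vpn_egress(e.ip)})
    if user_feedback is None:
        return {"verdict": "pending_user_validation",
                "next_steps": ["flag the activity", "ask user or manager to confirm via email/Slack"],
                "evidence": evidence}
    if user_feedback:
        return {"verdict": "benign_user_confirmed",
                "next_steps": ["close alert", "record user confirmation"], "evidence": evidence}
    return {"verdict": "true_positive",
            "next_steps": ["lock the user account", f"block source IPs {suspect_ips}", "escalate to SOC"],
            "evidence": evidence}


def _utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample sign-ins (not real log data); coordinates are city centres.
SAMPLE = {
    "alice": [  # London, then New York 20 minutes later: impossible
        SignIn("alice", _utc("2024-05-01T08:00:00"), "198.51.100.10", 51.5074, -0.1278),
        SignIn("alice", _utc("2024-05-01T08:20:00"), "192.0.2.44", 40.7128, -74.0060),
    ],
    "bob": [  # London, then Frankfurt via the corporate VPN egress: expected
        SignIn("bob", _utc("2024-05-01T09:00:00"), "198.51.100.22", 51.5074, -0.1278),
        SignIn("bob", _utc("2024-05-01T09:10:00"), "203.0.113.5", 50.1109, 8.6821),
    ],
    "carol": [  # London, then Paris four hours later: plausible
        SignIn("carol", _utc("2024-05-01T08:00:00"), "198.51.100.30", 51.5074, -0.1278),
        SignIn("carol", _utc("2024-05-01T12:00:00"), "198.51.100.31", 48.8566, 2.3522),
    ],
}

if __name__ == "__main__":
    for user, events in SAMPLE.items():
        print(user, triage(events))
    print("alice after user denies:", triage(SAMPLE["alice"], user_feedback=False)["verdict"])
```

Only alice’s alert ever reaches a person: bob’s hop is resolved by the VPN-egress context and carol’s never exceeds the speed threshold. Tune `MAX_PLAUSIBLE_SPEED_KMH` and the egress list to your environment; a threshold that is too low or an incomplete VPN list is the usual source of impossible-travel false positives.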
A Holistic Upgrade: Identity Alerts and Beyond
Intezer’s new identity-based capabilities are part of a broader vision to deliver comprehensive, autonomous alert triage. The AI Analyst is continuously evolving to tackle a wide array of security challenges, ensuring adaptability and robust protection for modern SOCs.
Why This is a Game-Changer
- Analyst-Level Context: Alerts are enriched with critical data from identity providers, offering the same insights a human analyst would seek.
- Reduced MTTR: Smart queries and autonomous decisions streamline investigations, dramatically cutting response times.
- Smarter Collaboration: Automatic feedback requests enable users, managers, or security teams to validate activity without manual back-and-forth.
- Evolving Triage Workflows: Expanding capabilities make it easy to incorporate new data sources and workflows over time.
Experience Smarter Identity Threat Detection
Transform your SOC with Intezer’s AI Analyst.
See how identity provider integrations and automated alert triage can reduce your MTTR and improve your threat detection accuracy.
- Existing customers? Start integrating your identity provider today with step-by-step documentation or contact support for assistance.
- New to Intezer? Book a demo or sign up for a free account to see the AI Analyst in action.
The post Agentic AI Gets Smarter: Identity-Based Alert Triage with Context-Aware Security appeared first on Intezer.