Page 35 - Cyber Defense eMagazine Annual RSA Edition for 2024

Chase detailed a scenario where automation plays a critical role: “For one of Difenda’s clients, we have an alert that regularly fires that could be indicative of a very serious compromise…”. Specifically, he described an automated process tailored to minimize false positives: “…we found if certain very specific parameters are present the alert doesn’t need to be forwarded to a SEC OPS analyst”. That information can now be used, with Difenda AIRO, to stop the alert from reaching Sec Ops analysts.
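The auto-triage pattern Chase describes (forward an alert unless a narrow, explicitly listed set of parameters is all present, and keep a record of every suppression so it can be audited) is illustrated below as an added example. It is not Difenda AIRO's or Microsoft Sentinel's code; the alert fields, the rule, and the sample alerts are constructed for the illustration.

```python
"""Auto-triage of a recurring alert against a narrow suppression rule.

Added illustration, not Difenda AIRO code. Alert shape, rule shape and
sample alerts are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SuppressionRule:
    """Suppress only when EVERY required field is present and equal."""
    name: str
    alert_name: str
    required_fields: Dict[str, str]


# Constructed rule: the alert is benign only when a known service account,
# from a known host, runs a known process. Any deviation still forwards.
RULES: List[SuppressionRule] = [
    SuppressionRule(
        name="approved-backup-job",
        alert_name="Remote logon to engineering workstation",
        required_fields={
            "source_host": "BACKUP-SRV-01",
            "account": "svc_backup",
            "process": "backup_agent.exe",
        },
    ),
]


def triage(alert: Dict[str, str], rules: List[SuppressionRule]) -> Tuple[str, Optional[str]]:
    """Return ("suppress", rule_name) or ("forward", None).

    A missing field counts as a mismatch: partial matches are forwarded,
    which is the safe default for an alert that may indicate compromise.
    """
    for rule in rules:
        if alert.get("alert_name") != rule.alert_name:
            continue
        if all(alert.get(k) == v for k, v in rule.required_fields.items()):
            return "suppress", rule.name
    return "forward", None


def triage_batch(alerts: List[Dict[str, str]], rules: List[SuppressionRule]):
    """Split alerts into those an analyst must see and an audit trail of
    every decision (suppressed alerts are logged, never silently dropped)."""
    forwarded, audit = [], []
    for alert in alerts:
        action, rule = triage(alert, rules)
        audit.append({"alert_id": alert["id"], "action": action, "rule": rule})
        if action == "forward":
            forwarded.append(alert)
    return forwarded, audit


# Constructed sample alerts.
SAMPLE_ALERTS = [
    {"id": "A1", "alert_name": "Remote logon to engineering workstation",
     "source_host": "BACKUP-SRV-01", "account": "svc_backup", "process": "backup_agent.exe"},
    {"id": "A2", "alert_name": "Remote logon to engineering workstation",
     "source_host": "BACKUP-SRV-01", "account": "jdoe", "process": "backup_agent.exe"},
    {"id": "A3", "alert_name": "Remote logon to engineering workstation",
     "source_host": "BACKUP-SRV-01", "account": "svc_backup"},          # process missing
    {"id": "A4", "alert_name": "New local admin created",
     "source_host": "BACKUP-SRV-01", "account": "svc_backup", "process": "backup_agent.exe"},
]

if __name__ == "__main__":
    to_analyst, trail = triage_batch(SAMPLE_ALERTS, RULES)
    print("forwarded:", [a["id"] for a in to_analyst])
    for entry in trail:
        print(entry)
```

Only A1, which matches every parameter of the rule, is suppressed; A2 (different account), A3 (a parameter absent) and A4 (a different alert sharing the same fields) all still reach an analyst, and the audit trail records the rule that fired.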

Difenda AIRO is an Automated Incident Response and Orchestration engine that integrates into a customer’s Microsoft Sentinel instance and works in collaboration with Azure automation services. It leverages threat enrichment, auto-triage, incident scoring, auto-response, and service synchronization to enhance incident response capabilities and streamline security operations.

Chase highlighted the practical benefits of automation with Difenda AIRO beyond high-concept ideas: “…there’s a lot of opportunities that you can have to just streamline your operations.” He emphasized the importance of such measures in terms of optimization and scalability, “especially for someone that’s trying to manage this in-house, nobody wants to get 10 calls a night because there could be an attacker in and they have to manually review it.”



How much efficiency does automation add?

In terms of quantifiable impact, automation in cybersecurity has been shown to significantly reduce response times to security incidents and minimize the likelihood of human error. Chase highlighted that “Integrating automation into OT security operations with Difenda AIRO has been shown to reduce alert investigations by up to 70% and reduce time to respond by 60% or more.”

Kirsten also discussed a common challenge with protocol parsers. “Every single OT environment I've ever been in has some sort of protocol that is either not recognized by the product or is proprietary.” With Defender for IoT, Kirsten explained that “we have the ability to create parsers to pull relevant information off the wire. Which allows you to not just look at your Rockwell and your Schneider, but have the ability to be able to pull asset data from other technologies as well.” This effectively enables the security team to streamline operations across multiple technologies. Instead of relying on separate personnel, protocols or tools, you have a unified approach to gather and analyze asset data. This integration reduces complexity and enhances the team's ability to respond to security incidents promptly.
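What a custom parser that “pulls asset data off the wire” does in practice is shown below as an added example. It is not Defender for IoT's parser SDK or Difenda's code: the frame layout (a two-byte magic, version, 16-bit device id, then tag/length/value fields) is a constructed stand-in for an unrecognized or proprietary OT protocol, and the captured frames are constructed too. The point is a passive parser that builds an asset inventory from observed traffic and rejects malformed or truncated frames instead of crashing or recording garbage.

```python
"""Passive asset-inventory parser for a constructed OT protocol.

Added illustration; not Defender for IoT or Difenda code. Frame format
and captured frames are constructed for the example.
"""
import struct
from typing import Dict, List, Optional, Tuple

MAGIC = b"\x7a\x7a"                      # constructed protocol marker
TAG_NAMES = {1: "vendor", 2: "model", 3: "firmware"}


def parse_frame(frame: bytes) -> Optional[dict]:
    """Extract asset fields from one frame; return None if the frame is
    malformed (bad magic, short header, or a TLV that runs past the end)."""
    if len(frame) < 5 or frame[:2] != MAGIC:
        return None
    version = frame[2]
    (device_id,) = struct.unpack(">H", frame[3:5])
    asset = {"device_id": device_id, "proto_version": version}
    pos = 5
    while pos < len(frame):
        if pos + 2 > len(frame):          # tag byte without a length byte
            return None
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:          # truncated value: reject whole frame
            return None
        if tag in TAG_NAMES:              # unknown tags are skipped, not fatal
            asset[TAG_NAMES[tag]] = value.decode("ascii", errors="replace")
        pos += 2 + length
    return asset


def inventory_from_capture(frames: List[bytes]) -> Tuple[Dict[int, dict], int]:
    """Merge every parsable frame into an inventory keyed by device id and
    count the frames that were dropped as malformed (worth alerting on if
    the count is unusual)."""
    inventory: Dict[int, dict] = {}
    dropped = 0
    for frame in frames:
        asset = parse_frame(frame)
        if asset is None:
            dropped += 1
            continue
        inventory.setdefault(asset["device_id"], {}).update(asset)
    return inventory, dropped


def build_frame(device_id: int, fields: List[Tuple[int, str]]) -> bytes:
    """Constructed helper that encodes a frame, used only to fabricate the
    sample capture below."""
    body = MAGIC + b"\x01" + struct.pack(">H", device_id)
    for tag, value in fields:
        raw = value.encode("ascii")
        body += bytes([tag, len(raw)]) + raw
    return body


# Constructed capture: two well-formed devices (one carrying an unknown tag 9)
# and one frame whose firmware TLV claims 5 bytes but carries only 1.
SAMPLE_CAPTURE = [
    build_frame(0x0101, [(1, "AcmePLC"), (2, "X100"), (3, "2.4.1")]),
    build_frame(0x0102, [(1, "AcmePLC"), (2, "X200"), (9, "ignored")]),
    b"\x7a\x7a\x01\x01\x03\x03\x05\x2e",
]

if __name__ == "__main__":
    inv, bad = inventory_from_capture(SAMPLE_CAPTURE)
    for dev_id, asset in sorted(inv.items()):
        print(f"{dev_id:#06x}: {asset}")
    print("malformed frames dropped:", bad)
```

Running it yields two inventory entries (the unknown tag on the second device is skipped without losing its vendor and model) and one dropped frame; in a real deployment the dropped count is itself a useful signal, since a protocol the product does not recognize and a device emitting malformed traffic look identical until a parser exists.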



How do Difenda’s services work for OT?

Difenda's services are designed to address the unique security challenges faced by OT environments by supporting ongoing cyber program maturity.

Difenda MXDR for OT provides comprehensive threat protection for all your diverse endpoints, IoT, OT, and industrial control system (ICS) devices. With passive, agentless network monitoring, we safely inventory all your assets without impacting infrastructure performance.
