FAQs

Intezer’s Autonomous SOC platform monitors, investigates and triages security alerts for your team 24/7 using artificial intelligence. You can take a look inside the Intezer platform in our interactive product tour.

Using AI, automated analysis, smart recommendations, and auto remediation, Intezer saves your team from time wasted on false positives, repetitive analysis tasks, and too many escalated alerts.

Security Operations need to move away from relying on manual, people-based processes to leverage innovative technology for intelligent automation. This game-changing shift allows your people to avoid being overwhelmed, enabling your security team to focus on critical incidents and tasks that matter the most.

Intezer can connect and triage alerts from endpoint security products, SIEM tools, user-reported phishing pipelines, and SOARs. Intezer can also integrate with tools for case management, such as ServiceNow. 

Some of our most popular integrations are for CrowdStrike, SentinelOne and Microsoft Defender to automate endpoint security alert triage and response, using memory forensics and AI to deeply investigate evasive threats.

Intezer can also be interacted with and perform automated security operation tasks through our RESTful API and Python SDK.

Check out our full Integration list here.

Intezer’s clients include top brands like Adobe, Equifax, and other Fortune 500 companies, as well as MSSPs and mid-sized companies that use Intezer’s Autonomous SOC platform to triage alerts and fully automate their Tier 1 SOC processes. You can read more about how our customers use Intezer in our case studies.

In addition, Intezer caters to top threat intelligence and research teams, which frequently use Intezer’s best-in-class malware sandbox solution to analyze evolving and novel threats.

You can watch a quick recorded video demo of Intezer here.

You can also take a look inside the Intezer platform in our interactive product tour.

Trying out Intezer is easy! You have two options to access our solution for a trial period:

• Sign up for a free two-week trial account.
• Reach out to our team directly and we will be happy to assist you in setting up a tailor-made trial.

Intezer leverages propriety artificial intelligence models, a variety of trusted techniques, and unique Genetic Code Analysis technology. For crafting the bottom-line incident triage assessments, Intezer uses machine learning and AI models that take into account the multiple analysis results for each individual evidence alongside information from the user’s existing security tools. You can read more in our blog post here about Intezer’s AI Framework. 

Intezer’s automated alert triage process starts by collecting all evidence associated with an alert (file, process, command line, IP, URL, memory image, etc.), deeply analyzes each artifact, and then builds an overall assessment for the incident with smart recommendations. If you want to read more about the five stages in this autonomous process, you can check out our blog post about how the Autonomous SOC platform works.

This unique technology is one pillar of Intezer’s AI Framework. Operating under the evolutionary principle that all software (whether legitimate or malicious) contains some previously written code, Intezer’s proprietary Genetic Analysis technology searches for code similarities in order to identify any unknown software or code. Genetic Analysis works by dissecting any given file or binary into thousands of small fragments we call code genes. Intezer then compares these code genes to Intezer’s “genome database” which contains billions of code pieces from legitimate and malicious software. By identifying those connections and similarities, Intezer can definitively recognize trusted code, classify new variations of previously seen malware, and analyze never-before-seen threats. 

The two primary onboarding tasks are connecting your alert sources and then adding members of your team as new users to your Intezer account.

It takes a few minutes to connect a security tool as a new alert source in Intezer, using an API key with the necessary permissions. After adding your API key to Intezer, you should start seeing alert triage results in your dashboard within the hour. If you want to know more about getting started with Intezer, you can book a demo to talk with us about integrating Intezer into your tech stack and team’s processes.

Intezer provides a comprehensive alert triage assessment and AI-generated insights which includes:

• Verdict (True/False positive)
• Classification (malware family and/or threat actor)
• Risk level
• Recommended actions
• AI Insights and detailed information about the analysis of each piece of evidence that was collected

Read more

Intezer does not produce any alerts, so the technology doesn’t “produce” false positives either. Instead, we investigate your existing alerts from other security products in order to reduce the number of false positives you currently experience.  We automatically reduce an average of 97% of false positives with an accuracy of 99.7%.

Intezer analyzes those types of alerts and “suspicious behavior” with the following methods:

• AI analysis of the textual information from the alert
• Packaging and detonating a command line in a sandbox environment
• Collecting and analyzing any scripts that were executed using AI
• Conducting deep memory analysis on the suspected endpoint to identify any hidden code injections or other fileless threats

Read more

Intezer collects multiple types of evidence that are associated with the alert in order to conduct analysis and form an assessment, including collecting actual files and binaries from endpoints, command lines and parameters, process dumps, URLs, IPs and more.
Read more

Generally, Intezer aims to completely automate all SOC Tier 1 alert triage and response tasks. More specifically, it automates:

1. 24/7 alert monitoring
2. Evidence collection
3. Investigation of alerts and associated evidence
4. Alert triage and decision-making processes: Intezer automates the escalation and prioritization of security alerts
5. Noise reduction: Intezer automatically resolves false positives for you
6. Ticket enrichment: Intezer can enrich your tickets (ServiceNow, Jira, …) and your EDR alerts with valuable information to accelerate response
7. Recommending next steps and automated remediation: Intezer can guide you in determining the appropriate actions to take after detecting a security incident.

By automating these tasks and processes, Intezer enables security teams to unlock AI-powered capabilities, optimize their operations, reduce manual effort, and focus their expertise on critical activities.

Yes! For our Autonomous SOC customers, you can use the “Contact an Expect” button in Intezer to reach out for expert assistance from our team.

Unlike a SOAR that you’d use for case management and creating playbooks for repetitive operational tasks, Intezer’s AI-powered platform focuses on automating the decision making and investigation process of security alerts that is usually handled by human analysts. Read more

Unlike a Sandbox that detonates individual files, Intezer allows you to directly connect your security tools to triage high volumes of alerts automatically, using artificial intelligence to investigate multiple types of evidence (even fileless threats) and provide comprehensive assessments. Read more

Unlike outsourced SOC services which are primarily human-operated, Intezer is a SaaS platform that leverages artificial intelligence and advanced technology for alert monitoring and triage processes. This reduces the potential for human error and ensures a high level of accuracy and efficiency. Read more

While SOAR tools provide a great way to create automated workflows, they are not designed to automate complicated decision-making processes, such as alert triage, evidence collection and threat analysis — which typically require human involvement. Intezer offers a unique AI-powered solution to bridge those gaps and make the most out of any SOAR product. With our automated alert investigation technology and a simple webhook integration, we provide an easy way to incorporate smart AI decision making into your new or existing SOAR playbooks. Read more

Enterprise customers and Trial users data is private. Only manual uploads with Free user accounts are shared with the Intezer community as public analysis results.

At Intezer, we prioritize data protection and maintain rigorous security measures throughout our organization. We utilize leading cloud infrastructure and apply layers of defense to ensure data security, integrity, and privacy. Key controls include IT security, cloud security, application security, and organizational security. For a deep dive into our detailed security measures, please visit our Security page.

Yes, Intezer is SOC 2 Type II certified. This certification acknowledges our commitment to establishing and consistently following strict information security policies and procedures. To learn more about our SOC2 compliance and comprehensive security measures, please refer to our Security page.

Check out our pricing page or reach out to our sales team for more information about pricing and packages.