ThreatQuotient launches data-driven approach to SOAR and XDR

Leader in security operations solutions continues industry-first innovations with a new platform capability to streamline and simplify automation and orchestration.

  • 3 years ago Posted in

ThreatQuotient has launched ThreatQ TDR Orchestrator, a new data-driven automation capability for more efficient and effective threat detection and response. This capability enables users to control what actions are to be taken, when, and why through the use of data. 

 

“The security industry’s approach to automation has overlooked the vastly different needs of detection and response use cases,” said Leon Ward, VP of Product Management, ThreatQuotient. “The focus of ThreatQ TDR Orchestrator is data, not process. In detection and response, what is learned when performing an action is far more important than the action itself. ThreatQuotient has seized an opportunity to define and provide automation in a way that reduces complexity for security teams.”

 

With the shortage of security personnel, automation has become a key strategy to offload repetitive tasks and empower humans to conduct advanced security operations tasks more efficiently. To date, automation has been looked at as defining a process and the steps needed to complete that process.  This approach ignores the fact that automation is much more than just running the process. In reality, there are three important stages of automation to define and address:

 

1.    Initiate - Define what should have actions taken upon it and when those actions should occur

2.    Run - Perform the course of action or defined process through to completion

3.    Learn - Record what is learned for analytics and to improve future response

 

ThreatQ TDR Orchestrator puts the “smarts” in the platform and not the individual playbooks by using Smart Collections™ and data-driven playbooks. The application of Smart Collections and data-driven playbooks provides for simpler configuration and maintenance, and provides a more efficient automation outcome. This approach further addresses all three stages of automation - Initiate, Run and Learn - easily and efficiently by enabling users to curate and prioritise data upfront, automate only when relevant, and simplify actions taken. It can be used to complement other playbook capabilities through ThreatQuotient’s ecosystem partners or users can define data-driven playbooks within the ThreatQ platform. To improve the platform “smarts”, it will also capture what has been learned to improve data analytics, which in turn improves the initiation stage of automation.

 

Use cases for ThreatQ TDR Orchestrator include but are not limited to automating the following:

 

•         Hunting key threats as new intelligence is learned and recording the results

•         Deploying blocking and detection content to EDR and network devices  

•         Enriching threat intelligence that meets complex criteria including relationships

•         Tasking a user to patch a high priority vulnerability that is being used in relevant campaigns

 

“Having high confidence in the data being used to trigger alerts is critical. ThreatQuotient’s approach to security operations ensures that teams remain focused on high-priority threats through automation and optimisation, achieving results such as freeing up multiple analysts for more important tasks,” Ed Amoroso, CEO and Founder, TAG Cyber. “ThreatQuotient’s data-driven approach to automation through ThreatQ TDR Orchestrator enables security teams to reduce the number of playbook runs and have confidence that the output is relevant and high priority.”


Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...