ThreatQuotient enhances data-driven automation capabilities

Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.

  • 2 years ago Posted in

ThreatQuotient has introduced a new version of ThreatQ TDR Orchestrator, the industry’s first solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis, and reporting capabilities that accelerate threat detection and response across disparate systems.

 

The latest research from ThreatQuotient, planned for full release later in 2022, shows signs that adoption of security automation is advancing, as budgets in this area are increasing for 98% of companies. The data also indicates that organisations have become more confident in automation itself, with over 88% of companies having some level of trust in automation outcomes compared to only 59% in the year prior. However, 98% say they have experienced problems during implementation. To support organisations with security automation solutions that are easier to use, cheaper than traditional automation tools and learn over time, ThreatQuotient has prioritised the development of ThreatQ TDR Orchestrator to enable more efficient and effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and greater confidence when detecting and responding to an event.

 

The latest version of ThreatQ TDR Orchestrator offers the following benefits:

 

·         Prioritise automation on the most important events/alerts with context from threat intelligence and other internal and external sources. A feedback loop captures results to improve the automation flow over time.

·         Playbooks are easier to maintain as a result of Smart Collections which are used to abstract automation logic. Atomic Automation allows for immediate action when a complex response is not needed; and Automation Packs for vulnerability prioritisation, indicator enrichment, XDR, and more use cases coming soon, help users get started with common use cases quickly.

·         Less training is required up front as a result of a no-code user interface which also delivers a lower total cost of ownership over time, and enables users to rely less on their organisation’s technical resources which can be a bottleneck (e.g. waiting for internal developers to work through their backlog and write the playbook automations requested).

 

“Leveraging automation to do the heavy lifting and cut through the noise is vital to helping cybersecurity teams thrive under pressure. ThreatQuotient continues to innovate in a way that drives meaningful operational benefits to customers,” says Leon Ward, Vice President of Product Management at ThreatQuotient. “Many process-based SOAR platforms are designed such that only security engineers and analysts have the skills necessary to use them directly; making these traditional platforms hard to implement and maintain which drives higher costs over time. This ThreatQ TDR Orchestrator release reinforces the need for no-code solutions that empower operators to adapt to dynamic threat landscapes faster, and focus their energy on security operations workflows that provide critical business context.”

 

In an environment where security operations employee turnover is high, ThreatQuotient’s platform is well suited for increasing the number of people who know how to develop and maintain automation playbooks. ThreatQ’s data-driven approach means that anyone with business context can understand and maintain workflows, making teams more nimble and resilient. Additionally, Atomic Automation works at the "atomic" or lowest level, allowing an analyst to automate a single action or string of a few simple actions without needing a complex playbook. This enables analysts to pull data or push actions without actually needing to pivot from UI to UI for each of the products involved.

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...