ThreatQuotient enhances data-driven automation capabilities

Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.

ThreatQuotient has introduced a new version of ThreatQ TDR Orchestrator, the industry’s first solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis, and reporting capabilities that accelerate threat detection and response across disparate systems.

The latest research from ThreatQuotient, planned for full release later in 2022, shows signs that adoption of security automation is advancing, as budgets in this area are increasing for 98% of companies. The data also indicates that organisations have become more confident in automation itself, with over 88% of companies having some level of trust in automation outcomes compared to only 59% in the year prior. However, 98% say they have experienced problems during implementation. To support organisations with security automation solutions that are easier to use, are cheaper than traditional automation tools, and learn over time, ThreatQuotient has prioritised the development of ThreatQ TDR Orchestrator to enable more efficient and effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and greater confidence when detecting and responding to an event.

The latest version of ThreatQ TDR Orchestrator offers the following benefits:

· Prioritise automation on the most important events/alerts with context from threat intelligence and other internal and external sources. A feedback loop captures results to improve the automation flow over time.

· Playbooks are easier to maintain because Smart Collections are used to abstract automation logic. Atomic Automation allows for immediate action when a complex response is not needed, and Automation Packs for vulnerability prioritisation, indicator enrichment and XDR, with more use cases coming soon, help users get started with common use cases quickly.

· Less training is required up front as a result of a no-code user interface, which also delivers a lower total cost of ownership over time and enables users to rely less on their organisation’s technical resources, which can be a bottleneck (e.g. waiting for internal developers to work through their backlog and write the playbook automations requested).

“Leveraging automation to do the heavy lifting and cut through the noise is vital to helping cybersecurity teams thrive under pressure. ThreatQuotient continues to innovate in a way that drives meaningful operational benefits to customers,” says Leon Ward, Vice President of Product Management at ThreatQuotient. “Many process-based SOAR platforms are designed such that only security engineers and analysts have the skills necessary to use them directly; making these traditional platforms hard to implement and maintain which drives higher costs over time. This ThreatQ TDR Orchestrator release reinforces the need for no-code solutions that empower operators to adapt to dynamic threat landscapes faster, and focus their energy on security operations workflows that provide critical business context.”

In an environment where security operations employee turnover is high, ThreatQuotient’s platform is well suited for increasing the number of people who know how to develop and maintain automation playbooks. ThreatQ’s data-driven approach means that anyone with business context can understand and maintain workflows, making teams more nimble and resilient. Additionally, Atomic Automation works at the "atomic" or lowest level, allowing an analyst to automate a single action or string of a few simple actions without needing a complex playbook. This enables analysts to pull data or push actions without actually needing to pivot from UI to UI for each of the products involved.
