ThreatQuotient bets on data-driven automation for SOAR and XDR | News | Safety Explica .co – Explica

Posted: May 9, 2021 at 12:03 pm

ThreatQuotient has announced ThreatQ TDR Orchestrator, a new data-driven automation feature for more efficient and effective threat detection and response. This feature allows users to control what actions should be taken, when and why by using data.

ThreatQuotient is committed to data-driven automation for SOAR and XDR.

"The security industry's approach to automation has overlooked the very different needs of detection and response use cases," says Eutimio Fernández, director of ThreatQuotient Spain. The focus of ThreatQ TDR Orchestrator is the data, not the process. In detection and response, what is learned by taking an action is much more important than the action itself. ThreatQuotient has taken the opportunity to define and deliver automation in a way that reduces complexity for security teams.

With a shortage of security personnel, automation has become a key strategy to offload repetitive tasks and train humans to perform advanced security operations tasks more efficiently. To date, automation has been viewed as the definition of a process and the steps required to complete it. This approach ignores the fact that automation is much more than just executing the process. There are three important stages of automation that need to be defined and addressed:

1. Initiation: Define what actions should be taken and when they should occur.

2. Execution: Carry out the defined course of action or process to completion.

3. Learning: Record what has been learned to analyze it and improve future response.

ThreatQ TDR Orchestrator puts intelligence on the platform and not on individual playbooks by using Smart Collections and data-driven playbooks. The application of Smart Collections and data-driven playbooks allows for easier setup and maintenance, and provides a more efficient automation output. This approach further addresses the three stages of automation (Start, Run, and Learn) easily and efficiently by allowing users to sanitize and prioritize data in advance, automate only when relevant, and simplify actions taken. It can be used to complement other playbook capabilities through vendor ecosystem partners, or users can define data-driven playbooks within the ThreatQ platform. To improve the intelligence of the platform, you will also capture what you have learned to improve data analysis, which in turn improves the start-up phase of automation.

ThreatQ TDR Orchestrator use cases include, but are not limited to, automating the following:

Hunt down key threats as new intelligence is learned and record the results

Deploy blocking and detection content on EDR (Endpoint Detection and Response) and network devices

Enrich threat intelligence that meets complex criteria, including relationships

Assign a user the task of patching a high priority vulnerability that is being used in relevant campaigns.
