Date: 2021-05-09

ThreatQuotient has announced ThreatQ TDR Orchestrator, a new data-driven automation feature for more efficient and effective threat detection and response. The feature lets users use data to control which actions are taken, when, and why.

ThreatQuotient is committed to data-driven automation for SOAR and XDR.

“The security industry’s approach to automation has overlooked the very different needs of detection and response use cases,” says Eutimio Fernández, director of ThreatQuotient Spain. “The focus of ThreatQ TDR Orchestrator is the data, not the process. In detection and response, what is learned by taking an action is much more important than the action itself. ThreatQuotient has taken the opportunity to define and deliver automation in a way that reduces complexity for security teams.”

With a shortage of security personnel, automation has become a key strategy to offload repetitive tasks and train humans to perform advanced security operations tasks more efficiently. To date, automation has been viewed as the definition of a process and the steps required to complete it. This approach ignores the fact that automation is much more than just executing the process. There are three important stages of automation that need to be defined and addressed:

1. Initiation – Define what actions should be taken and when they should occur.

2. Execution – Carry out the defined course of action or process to completion.

3. Learning – Record what has been learned to analyze it and improve future response.

ThreatQ TDR Orchestrator puts the “intelligence” in the platform rather than in individual playbooks by using Smart Collections and data-driven playbooks. Applying Smart Collections and data-driven playbooks allows for easier setup and maintenance and produces more efficient automation output. This approach addresses the three stages of automation (initiation, execution, and learning) by allowing users to sanitize and prioritize data in advance, automate only when relevant, and simplify the actions taken. It can be used to complement other playbook capabilities through vendor ecosystem partners, or users can define data-driven playbooks within the ThreatQ platform. To improve the “intelligence” of the platform, what has been learned is also captured to improve data analysis, which in turn improves the initiation stage of automation.

ThreatQ TDR Orchestrator use cases include, but are not limited to, automating the following:

• Hunt down key threats as new intelligence is learned and record the results

• Deploy blocking and detection content on EDR (Endpoint Detection and Response) and network devices

• Enrich threat intelligence that meets complex criteria, including relationships

• Assign a user the task of patching a high priority vulnerability that is being used in relevant campaigns