ThreatConnect announces new Playbooks enablements to optimize the ability to make faster security decisions, automate processes, and improve reaction and response capacity.
“Our vision is a Platform that transforms the way that security professionals do their jobs,” CEO Adam Vincent said. “I’ve said this before…the only way to augment humans is to act like them. Humans use data to produce knowledge that becomes wisdom. That wisdom is the equivalent of our Intelligence and is what makes ‘sense-making’ possible in our platform. Then, we put that sense-making into action with orchestration, seamlessly from a single platform.”
Measurable decision making
The ThreatConnect Platform’s Playbooks capability allows a sequence of automated or human tasks, arranged as a process, to be configured as a playbook, executed to incorporate automated analytics or human workflows, and measured to support continuous improvement.
Now with the ThreatConnect Playbooks ROI Calculator, security teams have the ability to measure value. Metrics for savings made possible by Playbooks are assessed by tracking how long it takes a human to perform a task or series of tasks and then calculating how much time (or equivalent salary in dollars) is saved through the automation and orchestration.
Organizations can quantify the return on investment of their automation and orchestration activities for each playbook created — over a configurable time period.
Vincent said, “ThreatConnect Playbooks and other automation capabilities enable the refinement of data into relevant intelligence, and also leverage that newly created intelligence to inform decisions across the security team. As we strengthen our Playbook capabilities and features, we are helping security operations teams improve processes and thus improve the security of the business.”
ThreatConnect has also created Playbooks Components to enable security teams to bundle single elements from a process and easily re-use the elements in other playbooks. With Components, users have to build a process once, and then it becomes available for use in every other Playbook their team builds. Updates made to Components in one playbook will carryover into any other playbook, and users can also convert Playbooks they’ve already created into Components with a cloning option in the menu.
To meet the challenges of building playbook processes, analysts can now use the ThreatConnect Playbooks Debugger. With the Playbooks Debugger, playbooks, such as those that integrate with multiple third-party applications, can be optimized and done more simply.
In late Q3, ThreatConnect will offer more ways to manage Playbooks with the Playbooks Activity Monitor which will offer real-time monitoring across multiple Playbook Servers. Users will be able to see which Playbooks are running, what ran previously, and which Playbooks are scheduled to run next.
With this feature, enterprise security teams and managed service providers will be able to offer easier scaling and quality of service, for their ThreatConnect playbooks.
Since launching its SAO-enabled products in 2017, ThreatConnect has equipped companies worldwide in developing an intelligence-driven defense strategy into their security operations.