ThreatQuotient has released a new version of ThreatQ TDR Orchestrator, the solution for a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, the continued innovation of ThreatQ TDR Orchestrator includes enhanced automation, analysis and reporting capabilities that accelerate threat detection and response across disparate systems.
The latest research from ThreatQuotient, planned for full release later in 2022, shows signs that adoption of security automation is advancing, as budgets in this area are increasing for 98% of companies. The data also indicates that organizations have become more confident in automation itself, with over 88% of companies having some level of trust in automation outcomes compared to only 59% in the year prior.
However, 98% say they have experienced problems during implementation. To support organizations with security automation solutions that are easier to use, cheaper than traditional automation tools and learn over time, ThreatQuotient has prioritized the development of ThreatQ TDR Orchestrator to enable more efficient and effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and greater confidence when detecting and responding to an event.
The latest version of ThreatQ TDR Orchestrator offers the following benefits:
- Prioritize automation on the most important events/alerts with context from threat intelligence and other internal and external sources. A feedback loop captures results to improve the automation flow over time.
- Playbooks are easier to maintain as a result of Smart Collections which are used to abstract automation logic. Atomic Automation allows for immediate action when a complex response is not needed; and Automation Packs for vulnerability prioritization, indicator enrichment, XDR, and more use cases coming soon, help users get started with common use cases quickly.
- Less training is required up front as a result of a no-code user interface which also delivers a lower total cost of ownership over time, and enables users to rely less on their organization’s technical resources which can be a bottleneck (e.g. waiting for internal developers to work through their backlog and write the playbook automations requested).
“Leveraging automation to do the heavy lifting and cut through the noise is vital to helping cybersecurity teams thrive under pressure. ThreatQuotient continues to innovate in a way that drives meaningful operational benefits to customers,” says Leon Ward, Vice President of Product Management at ThreatQuotient.
“Many process-based SOAR platforms are designed such that only security engineers and analysts have the skills necessary to use them directly; making these traditional platforms hard to implement and maintain which drives higher costs over time. This ThreatQ TDR Orchestrator release reinforces the need for no-code solutions that empower operators to adapt to dynamic threat landscapes faster, and focus their energy on security operations workflows that provide critical business context.”, Ward continued.
In an environment where security operations employee turnover is high, ThreatQuotient’s platform is well suited for increasing the number of people who know how to develop and maintain automation playbooks. ThreatQ’s data-driven approach means that anyone with business context can understand and maintain workflows, making teams more nimble and resilient.
Additionally, Atomic Automation works at the “atomic” or lowest level, allowing an analyst to automate a single action or string of a few simple actions without needing a complex playbook. This enables analysts to pull data or push actions without actually needing to pivot from UI to UI for each of the products involved.