Preparing for the SOC of the Future, Today? We’ve Got You Covered
Leon Ward
Last week, we announced v5 of the ThreatQ platform with capabilities needed today to support the security operations center (SOC) of the future. SOCs have been maturing and evolving into detection and response organizations, a transformation that Gartner anticipated back in 2013 and deemed a requirement for this decade. I’m proud that ThreatQuotient has consistently been at the forefront of innovating and delivering what the SOC of the future needs. ThreatQ customers and partners will benefit from capabilities foundational to this latest version of the platform. And capabilities in v5 were recently recognized by the Cybersecurity Breakthrough Awards for the value delivered to security teams.
When waging their battles against evolving attacks, we believe SOCs need the following key capabilities that empower them to work faster and more thoroughly.
It starts with a data-driven approach.
At ThreatQuotient, we have long believed that data is the lifeblood of security because it provides context from a wide range of internal and external sources, including threats, vulnerabilities, identities and more. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right action. Data-driven security also provides a continuous feedback loop that enables teams to store and use data to improve future analysis.
To make use of that data, the SOC of the future needs an open integration architecture.
Since the data that teams need for analysis is spread throughout the typical organization, bi-directional integrations enable teams to bring that data together in a common work surface. An open integration architecture provides the greatest access to data from technologies, threat feeds and other third-party sources. It also enables teams to drive action back to those technologies once a decision is made.
Automation needs to be balanced with human interaction.
With respect to security automation, the most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst, with automation simply augmenting the work. We call this balanced automation: the balance between human and machine ensures that teams always have the best tool for the job, and a data-driven approach to both improves the speed and thoroughness of the work.
The new features in ThreatQ v5 that deliver these capabilities include:
- DataLinq Engine that “connects the dots” across data from all systems and sources in an organization, internal and external, including SIEM/SOAR, identity, feeds, cloud, ticketing, etc., so it can be analyzed and understood prior to taking a manual or automated response. Actions can be taken through integrations with the tools security teams already use.
- ThreatQ Data Exchange provides improved flexibility and control over data shared between ThreatQ systems. Teams with separate instances of ThreatQ can collaborate by sharing IOCs, adversaries, TTPs, etc. with one another. This increased data exchange provides more context for teams to do their jobs.
- Smart Collections provide improved analysis speeds by automatically and dynamically categorizing data. Teams define key criteria in advance, and those criteria determine how the intelligence culled from the data is enriched, curated, prioritized and expired.
The result? More efficient and effective security operations that can be directly measured by time savings and FTEs gained, improved risk management, and greater confidence when detecting and responding to an event.
I invite you to learn more about the ThreatQ v5 platform and register for the webinar, Building the SOC of the Future, on December 9, 2021. Join us in the cockpit of the SOC of the future and see ThreatQ v5 in action.