Simplify Automation and Orchestration with a Data-driven Approach to SOAR and XDR


On the heels of announcing the closing of $22.5 million in new financing as a result of strong performance in 2020, I’m proud of our team’s latest innovation, which we’re announcing today: ThreatQ TDR Orchestrator, a new data-driven approach to SOAR and XDR that accelerates threat detection and response across disparate systems for more efficient and effective security operations.

ThreatQ TDR Orchestrator comes at a time when the shortage of security personnel has become a fact of life for every security organization, and security operations centers (SOCs) are increasingly focused on detection and response. Automation is a key strategy to offload repetitive tasks and empower humans to conduct advanced security operations tasks more efficiently and effectively.

The current approach to security automation and orchestration has focused on automating processes.

The challenge is that, when applied to detection and response, process-focused playbooks are inherently inefficient and complex: the decision-making criteria and logic are built into each playbook, so every change to that logic must be made in every playbook that uses it. This complexity grows exponentially as the number of playbooks increases.

At ThreatQuotient, we have long believed that data is the lifeblood of detection and response automation. That is why data-driven playbooks are required: the data, or information, should drive playbook initiation, and the data learned from the actions taken should be at the core of everything. We also believe that automation is more than just running processes. It includes the inputs to and outputs from those processes, so that it covers the full security lifecycle.

To eliminate the complexity inherent in traditional playbooks and drive all aspects of automation, ThreatQ TDR Orchestrator takes a data-driven approach across all three stages of automation:

  1. Initiate: Define what should have actions taken upon it and when those actions should occur
  2. Run: Perform the course of action or defined process through to completion 
  3. Learn: Record what is learned for analytics and to improve future response

ThreatQ TDR Orchestrator puts the “smarts” in the platform rather than in the individual playbooks by using Smart Collections™, data-driven playbooks and the Threat Library. This provides simpler configuration and maintenance, and a more efficient and effective automation outcome. Users can curate and prioritize data upfront, automate what’s relevant and simplify the actions taken, and capture what has been learned to improve data analytics, which in turn improves the initiation stage of automation.

Whether you choose to use ThreatQ TDR Orchestrator to complement other playbook capabilities through our ecosystem partners or decide to define data-driven playbooks within the ThreatQ platform, you’ll be pleased with the results. You can reduce playbook runs by 80%, ensure output is relevant and high priority, and learn from the actions taken to improve over time.

ThreatQ TDR Orchestrator is exactly what today’s modern SOCs need to automate more advanced tasks like:

  • Hunting key threats as new intelligence is learned and recording the results
  • Deploying blocking and detection content to EDR and network devices   
  • Enriching threat intelligence that meets complex criteria including relationships
  • Tasking a user to patch a high priority vulnerability that is being used in relevant campaigns 

As SOCs are stepping up to the detection and response challenge and looking to automation to help ease the transition, ThreatQ TDR Orchestrator can help. It’s another major milestone as we deliver on our vision to apply threat intelligence to improve security operations and solve problems that aren’t really being addressed today. I couldn’t be more excited about the work our team is doing to bring you this solution. 

ThreatQ TDR Orchestrator will be available in 2022. 

About ThreatQuotient™

ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration.