Automation & Response
What a SOAR platform should be.
SOAR connects disparate systems to orchestrate and automate response. Existing SOAR platforms have taken a process-driven approach to connect products within a workflow; however, for optimal detection and response a data-driven approach is needed to prioritize data and connect systems with that data. Automating and orchestrating noisy data just amplifies the noise.
- Simpler to set up
- Easier to maintain
- Uses fewer resources
- Reduces playbook runs by 80%
- Ensures output is relevant and high priority
- Learns from the actions taken and improves over time
- Easy to configure and run with existing tools
A DIFFERENT APPROACH
The current approach to security automation and orchestration does not consider what data is being processed. For detection and response this is inefficient for two key reasons:
1) Playbooks are run on irrelevant and low-priority data, wasting analyst time and compute resources.
2) If noisy data goes in, the result is amplified noise out.
Applied to detection and response, process-focused playbooks add complexity that grows quickly as more playbooks are put into use.
COMPARISON BETWEEN PROCESS-DRIVEN AND DATA-DRIVEN
Data-driven:
- All data is contextualized; a playbook is run, if needed, based on that context
- Output is relevant and high priority, with far fewer items for analysts to review
- Results are captured for further analysis and improvement
Process-driven:
- Takes ALL data inputs and runs ALL of them through playbooks
- Produces a report/dossier for EVERY input, requiring an analyst to review each one
- Output is NOT captured or used programmatically
IT STARTS WITH THE RIGHT DATA
Confidence starts with the right data.
HOW IT WORKS
Combine data from any source, internal and external.
Single source of truth for threat detection and response data and related context.
Automatically prioritize internal and external threat intelligence based on your parameters.
Define groups of data for specific action(s) based on variables and characteristics.
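As an added illustration of the data-driven approach described under A DIFFERENT APPROACH and in the four HOW IT WORKS steps above (example code written for this page, not ThreatQ's own code or API): the script merges records from several feeds into one object per indicator, scores each object from user-defined parameters, groups the results for specific actions, and counts how many playbook runs that gating saves compared with running a playbook for every input. The feed records, source names, tag weights, age limit and threshold are constructed assumptions.

```python
"""Data-driven playbook gating: contextualize, score and group indicators so
that playbooks run only on high-priority data.

Illustrative example, not ThreatQ code. All feed records, source names,
weights and the threshold below are constructed for this example.
"""
from collections import defaultdict
from datetime import date

# Constructed sample feed records (not real intelligence). Several feeds may
# report the same indicator; this is the "all inputs" a process-driven
# platform would push through playbooks one by one.
FEED_RECORDS = [
    {"source": "vendor_feed", "type": "ip", "value": "203.0.113.7",
     "tags": ["c2"], "last_seen": "2024-05-01"},
    {"source": "osint_feed", "type": "ip", "value": "203.0.113.7",
     "tags": ["scanner"], "last_seen": "2024-04-20"},
    {"source": "internal_siem", "type": "ip", "value": "203.0.113.7",
     "tags": ["sighting"], "last_seen": "2024-05-03"},
    {"source": "osint_feed", "type": "domain", "value": "example.net",
     "tags": [], "last_seen": "2023-01-10"},
    {"source": "vendor_feed", "type": "hash",
     "value": "a1b2c3d4e5f60718293a4b5c6d7e8f90",  # constructed placeholder
     "tags": ["malware"], "last_seen": "2024-05-02"},
    {"source": "internal_siem", "type": "ip", "value": "198.51.100.9",
     "tags": ["sighting"], "last_seen": "2024-05-03"},
]

# User-defined scoring parameters (assumed values for this example).
SOURCE_WEIGHT = {"vendor_feed": 30, "osint_feed": 10, "internal_siem": 40}
TAG_WEIGHT = {"c2": 30, "malware": 30, "sighting": 25, "scanner": 5}
CORROBORATION_BONUS = 10   # seen by more than one source
MAX_AGE_DAYS = 90          # older than this is down-weighted, not dropped
THRESHOLD = 60             # minimum score before any playbook runs
TODAY = date(2024, 5, 10)  # fixed "now" so the example is reproducible


def merge(records):
    """Step 1-2: combine all sources into a single object per indicator
    carrying the union of its context (sources, tags, latest sighting)."""
    merged = {}
    for r in records:
        key = (r["type"], r["value"])
        obj = merged.setdefault(key, {
            "type": r["type"], "value": r["value"],
            "sources": set(), "tags": set(), "last_seen": r["last_seen"],
        })
        obj["sources"].add(r["source"])
        obj["tags"].update(r["tags"])
        obj["last_seen"] = max(obj["last_seen"], r["last_seen"])  # ISO dates sort lexically
    return list(merged.values())


def score(obj, today=TODAY):
    """Step 3: prioritize from source reliability, context tags,
    corroboration and age, using the parameters above."""
    s = sum(SOURCE_WEIGHT.get(src, 0) for src in obj["sources"])
    s += sum(TAG_WEIGHT.get(t, 0) for t in obj["tags"])
    if len(obj["sources"]) > 1:
        s += CORROBORATION_BONUS
    age_days = (today - date.fromisoformat(obj["last_seen"])).days
    if age_days > MAX_AGE_DAYS:
        s //= 2  # stale context is retained but counts for less
    return s


def group_for_action(objs, today=TODAY):
    """Step 4: define groups of data for specific actions. Anything below the
    threshold is stored for later correlation but triggers no playbook."""
    groups = defaultdict(list)
    for o in objs:
        o["score"] = score(o, today)
        if o["score"] < THRESHOLD:
            groups["retain_only"].append(o)
        elif o["type"] == "ip" and "sighting" in o["tags"]:
            groups["block_and_investigate"].append(o)
        elif o["type"] == "hash":
            groups["hunt_endpoints"].append(o)
        else:
            groups["block_perimeter"].append(o)
    return groups


def playbook_runs(records, today=TODAY):
    """Return (process-driven runs, data-driven runs): one per raw input
    versus one per prioritized indicator group member."""
    groups = group_for_action(merge(records), today)
    gated = sum(len(v) for k, v in groups.items() if k != "retain_only")
    return len(records), gated


if __name__ == "__main__":
    for name, members in group_for_action(merge(FEED_RECORDS)).items():
        print(name, [(m["value"], m["score"]) for m in members])
    print("playbook runs (process-driven, data-driven):", playbook_runs(FEED_RECORDS))
```

The point of the example is the gate in group_for_action: the low-scoring, stale domain is kept as context for future correlation but never causes a playbook run, while the IP reported by three sources is scored once with all of its merged context instead of being processed three separate times.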
THREATQ INVESTIGATIONS ACCELERATES RESPONSE
Visualize and analyze results from automated actions. Collaborate and coordinate response when manual actions are needed to resolve investigations and incidents.
Leverage bi-directional integrations across your existing security solutions for automation, orchestration and response. ThreatQ supports an ecosystem of over 275 integrations, and provides an open API and easy-to-use tools for custom integrations.
WHAT A SOAR PLATFORM SHOULD BE
With ThreatQ serving as a SOAR platform, a company can unify its cybersecurity infrastructure and components into a single defense ecosystem, allowing it to accelerate security investigations, improve mean time to respond to cyberthreats and increase ROI.
THE POWER OF THREATQ
The ThreatQ platform supports orchestration and automation within the following use cases:
Threat Intelligence Management
Turn threat data into threat intelligence through context and automatically prioritize it based on user-defined scoring and relevance.