Introducing

THREATQ TDR ORCHESTRATOR

Simplifying SOAR, TIP and XDR
by making them data-driven, open and efficient.

Another Industry First…

ThreatQ TDR Orchestrator is the industry’s first solution to introduce a simplified, data-driven approach to SOAR, TIP, and XDR that accelerates threat detection and response across disparate systems, resulting in more efficient and effective security operations.

Key Benefits:

  • Easy to set up and maintain
  • Reduce playbook runs by 80%
  • Ensure output is relevant and high priority
  • Learn from the actions taken, and improve over time

A Different Approach

The current approach to security automation and orchestration is born from a history of IT operations and process definition; it does not care what data is being processed. This is inefficient for detection and response needs for two key reasons:  

1) Wasted time and resources: playbooks are run on irrelevant and low-priority data.
2) Noisy data in produces amplified noise out.

When applied to detection and response, process-focused playbooks require complexity which grows exponentially as you increase the number of playbooks.

ThreatQ TDR Orchestrator looks to simplify this through a data-driven approach which “puts the smarts into the platform” through data curation and extracts much of the complexity of process-driven playbooks. You update the platform once instead of updating dozens of playbooks. Also, by starting with the data, you can ensure high-fidelity inputs before initiating a playbook, reducing the number of playbook runs and ensuring the relevance and priority of actions taken.

How it Works:

When you analyze automation, you can simplify it into three key stages: Initiate, Run and Learn. When each stage functions correctly, it results in automation with higher efficacy and improved efficiency.

Initiate

Determine when an action should be taken and/or what it should be taken upon.

Run

Perform the course of action or defined process through to completion.

Learn

Record what is learned for analytics and to improve future response.

Smart Collections™

Control when actions should be taken by defining data-driven triggers based on variables and characteristics.

Data-Driven Playbooks

Run playbooks from third-party tools or create data-driven playbooks within ThreatQ TDR Orchestrator.

Threat Library

Capture resulting data and context for automated tuning of the database, future analytics and improved triggering.

ThreatQ TDR Orchestrator is designed to simplify automation through the unique capabilities of Smart Collections™, Data-Driven Playbooks and the Threat Library, each of which maps directly to one of the three stages of automation: Initiate, Run and Learn. While the solution maps to all three stages, the Initiate and Learn stages are where we are uniquely positioned.
