ThreatQ Platform’s DataLinq Engine and ThreatQ Data Exchange
Photo Gallery
ThreatQ Platform’s DataLinq Engine and ThreatQ Data Exchange
Additional Info
Company | ThreatQuotient |
Website | https://www.threatq.com/ |
Company size (employees) | 100 to 499 |
Overview
ThreatQuotient recently announced v5 of the ThreatQ platform, launching capabilities needed today to support the security operations center (SOC) of the future, where data is the foundation. According to ThreatQuotient, the SOC of the future uses a data-driven approach to improve efficiency, has an open architecture to ingest any data sources free of limitations, and enables balanced automation for teams to translate data-driven context to drive response, either natively using machine automation or with tooling for human analysts.
Key updates available in ThreatQ v5 include:
– DataLinq Engine “connects the dots” across data from all sources to enable extended detection and response (XDR), internal and external, in an organization, including SIEM/SOAR, identity, feeds, cloud, ticketing, etc. so it can be analyzed and understood prior to taking a manual or automated response. Actions can be taken through integrations with the tools security teams already use.
– ThreatQ Data Exchange provides improved flexibility and control over data shared between ThreatQ systems. Teams with separate instances of ThreatQ can collaborate by sharing IOCs, adversary, TTPs, etc. with one another. This increased data exchange provides more context for teams to do their jobs.
– Smart Collections provide improved analysis speeds by automatically and dynamically categorizing data. This is done through a process in which teams define key criteria in advance that automate how intelligence culled through data is enriched, curated, prioritized and expired.
ThreatQuotient also announced ThreatQ TDR Orchestrator in 2021, a new data-driven automation capability for more efficient and effective threat detection and response. With the shortage of security personnel, automation has become a key strategy to offload repetitive tasks and empower humans to conduct advanced security operations tasks more efficiently.
How we are different
ThreatQuotient provides data-driven automation to enable security operations teams to reliably trust the data and be confident in their decisions. The ThreatQ Platform and it’s latest updates empower teams to work faster and more thoroughly when defending against evolving threats.
The DataLinq Engine has five key steps to automate security processes within ThreatQ:
1. Ingest and aggregate structured and unstructured data via Marketplace apps and an open API.
2. Normalize data automatically from different sources, formats and languages into a single object.
3. Correlate across atomic pieces of data to identify relationships and provide a unified view.
4. Prioritize via customer-controlled, dynamic scoring to ensure relevance and filter noise.
5. Translate data into the format and language necessary for consumption and action across systems.
The data-driven approach to TDR Orchestrator is an innovative, alternative approach to automation versus the process driven approach from other vendors. TDR orchestrator enables users to control what actions are to be taken, when, and why through the use of data analytics to trigger specific actions vs running a playbook on all alerts, even if irrelevant.