ThreatQ’s DataLinq Engine for Security Automation

Additional Info

Company: ThreatQuotient
Website: https://www.threatq.com/
Company size (employees): 100 to 499

Overview

With the shortage of security personnel, automation has become a key strategy to offload repetitive tasks and empower humans to conduct advanced security operations tasks more efficiently. However, how do you automate across disparate systems and sources that each speak their own language and use their own format?

Enter Extended Detection and Response (XDR) – Gartner has defined XDR as solutions that “automatically collect and correlate data from multiple security products to improve threat detection and provide an incident response capability.”

To help organizations achieve XDR, ThreatQuotient has automated security data management in a way that reduces complexity for security teams. ThreatQuotient recently announced v5 of the ThreatQ Platform, launching capabilities needed today to support the security operations center (SOC) of the future, where data is the foundation.

ThreatQ’s newest features include a unique DataLinq Engine to automatically connect disparate systems and sources for extended detection and response, and Smart Collections to automatically categorize and filter data for management and action.

More specifically, the DataLinq Engine has five key steps to automate security processes within ThreatQ:

1. Ingest and aggregate structured and unstructured data via Marketplace apps and an open API.

2. Normalize data automatically from different sources, formats and languages into a single object.

3. Correlate across atomic pieces of data to identify relationships and provide a unified view.

4. Prioritize via customer-controlled, dynamic scoring to ensure relevance and filter noise.

5. Translate data into the format and language necessary for consumption and action across systems.

There are several barriers preventing organizations from maximizing the benefit of automation, such as budget, prioritization issues, talent gaps, technology, trust concerns and more. The ThreatQ Platform and its latest automated capabilities empower teams to work faster and more thoroughly when defending against evolving threats.

How we are different

There are several barriers preventing organizations from maximizing the benefit of automation, such as budget, prioritization issues, talent gaps, technology, trust concerns and more. ThreatQuotient provides data-driven automation to enable security operations teams to reliably trust the data and be confident in their decisions.


The approach addresses all three stages of automation – Initiate, Run and Learn – easily and efficiently by enabling users to curate and prioritize data upfront, automate only when relevant, and simplify actions taken.


ThreatQ’s newest features include a unique DataLinq Engine for connecting disparate systems and sources to enable extended detection and response (XDR), Smart Collections for driving automation, and an enhanced ThreatQ Data Exchange for bi-directional sharing of data, context and threat intelligence.