ThreatQuotient анонсировала новую версию платформы для выявления и реагирования на угрозы безопасности ThreatQ

ThreatQ v5 supports the SOC of the Future with key data management capabilities. ThreatQ’s data-driven approach, open integration architecture and balanced automation empowers teams to work faster and more thoroughly when defending against evolving threats.

The SOC of the future uses a data-driven approach to improve efficiency, has an open architecture to ingest any data sources free of limitations, and enables balanced automation for teams to translate data-driven context to drive response, either natively using machine automation or with tooling for human analysts. Key updates available in ThreatQ v5 that support the SOC of the future include:

• DataLinq Engine that “connects the dots” across data from all sources, internal and external, in an organization, including SIEM/SOAR, identity, feeds, cloud, ticketing, etc. so it can be analyzed and understood prior to taking a manual or automated response. Actions can be taken through integrations with the tools security teams already use.
• ThreatQ Data Exchange provides improved flexibility and control over data shared between ThreatQ systems. Teams with separate instances of ThreatQ can collaborate by sharing IOCs, adversary, TTPs, etc. with one another. This increased data exchange provides more context for teams to do their jobs.
• Smart Collections provide improved analysis speeds by automatically and dynamically categorizing data. This is done through a process in which teams define key criteria in advance that automate how intelligence culled through data is enriched, curated, prioritized and expired.