Syncurity and ThreatQuotient Up the Ante in Cyber SecOps (01 May)
Security Automation and Orchestration Desperately Needed to Support Cyber SecOps
The topic of automation and orchestration is popular lately, and for good reason. Phishing still plays a role in over 90% of all breaches, according to Verizon, and Cisco reports that 44% of security alerts go uninvestigated because of the overwhelming amount of information security analysts receive. While these statistics indicate a feverish pace of attack, Security Intelligence reports that cybercriminals go undetected within a network for an average of 191 days.
Interoperability of Event-Based Case Management, Workflow Automation, and Threat Intelligence Platform is Essential
Given the frenetic pace of potential risks to evaluate and the increasing sophistication and stealth of cybercriminals and nation-state actors, automated playbooks, guided investigations, and orchestrated response must be coupled with curated threat intelligence in an open, standards-based framework to be effective. More specifically, whether the workflow starts with proactive hunting for IoCs, leveraging the extensive library of APIs in a SOAR platform, or with reactive evaluation of alert risk based on threat intelligence curated within a threat intelligence platform (TIP), interoperability between event-based case management, workflow automation and threat intelligence platforms is essential.
The Syncurity and ThreatQuotient Platform Integration Expands Cyber SecOps Threat Hunting, Threat Triage and Incident Response Capabilities and Use Cases
Using the ThreatQ Open Exchange Architecture and the Syncurity standards-based Cyber Translation Framework, the two firms have developed a dynamic integration for a myriad of use cases across the threat hunting, triage and incident response spectrum. More importantly, by being independent of the wide variety of security and IT tools in use across the enterprise and service provider landscape, the joint ThreatQ-Syncurity solution buffers against vendor lock-in and against the risk of limited backward and forward version compatibility.
A wide variety of use cases are supported with the combined power of Syncurity’s SOAR Platform and ThreatQuotient’s ThreatQ Platform, such as:
- Checking whether an indicator exists in ThreatQ and, if not present, adding the indicator to ThreatQ and, optionally, to a ThreatQ watchlist.
- Enriching alerts and actions within IR-Flow Alert Triage Playbooks with context from ThreatQ to decrease the time spent convicting or acquitting an indicator.
- Bi-directional IoC updating between IR-Flow and ThreatQ for more accurate scoring, prioritization and quicker identification of true/false positives.
- Creating an associated event in ThreatQ from an incident in IR-Flow, enriching the incident with context from ThreatQ and informing the self-tuning Threat Library™.
- Auto-escalating IR-Flow alerts into incidents based on known bad indicators, and auto-closing alerts based on known good indicators in the alerts.
- Leveraging IR-Flow’s Triage Scoring Engine™ to rank unknown indicators as high priority automatically.
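The decision logic behind several of these use cases (lookup-or-add with an optional watchlist, enrichment, auto-escalate on known bad, auto-close on known good, unknown indicators ranked high priority, and pushing an analyst verdict back to the intelligence store) can be modelled in a few dozen lines. The following is an added example, not code from Syncurity or ThreatQuotient: ThreatIntelStore is a hypothetical in-memory stand-in for a TIP rather than the ThreatQ API, the score scale and action names are assumptions, and the seed indicators and alert contents are constructed.

```python
"""Constructed example of a SOAR/TIP alert-triage flow.
ThreatIntelStore is a hypothetical in-memory stand-in for a threat
intelligence platform (NOT the ThreatQ API); scores, action names and
sample indicators are assumptions for illustration."""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    KNOWN_BAD = "known_bad"
    KNOWN_GOOD = "known_good"
    UNKNOWN = "unknown"


@dataclass
class IndicatorRecord:
    value: str
    verdict: Verdict
    score: int          # assumed scale: 0 (benign) .. 100 (malicious)
    sightings: int = 0  # how many alerts have referenced this indicator


@dataclass
class ThreatIntelStore:
    """Hypothetical TIP stand-in: indicator records plus a watchlist."""
    records: dict = field(default_factory=dict)
    watchlist: set = field(default_factory=set)

    def lookup_or_add(self, value: str, watch: bool = False) -> IndicatorRecord:
        """Return the record if it exists; otherwise create it as UNKNOWN
        (and optionally watchlist it) so later sightings are tracked."""
        rec = self.records.get(value)
        if rec is None:
            rec = IndicatorRecord(value, Verdict.UNKNOWN, score=50)
            self.records[value] = rec
        rec.sightings += 1
        if watch:
            self.watchlist.add(value)
        return rec

    def set_verdict(self, value: str, verdict: Verdict, score: int) -> None:
        """Bi-directional update: push an analyst's conviction or acquittal
        back so the next alert carrying this indicator is scored correctly."""
        rec = self.records.get(value)
        if rec is None:
            self.records[value] = IndicatorRecord(value, verdict, score)
        else:
            rec.verdict, rec.score = verdict, score


def triage_alert(store: ThreatIntelStore, indicators: list) -> dict:
    """Enrich every indicator from the store, then: escalate on any known-bad,
    auto-close only when every indicator is known-good, otherwise route to an
    analyst with unknown indicators ranked high priority and watchlisted.
    An alert with no indicators has nothing known-good, so it is never closed."""
    enriched = {v: store.lookup_or_add(v) for v in indicators}
    verdicts = {rec.verdict for rec in enriched.values()}
    if Verdict.KNOWN_BAD in verdicts:
        action, priority = "escalate_to_incident", "high"
    elif verdicts == {Verdict.KNOWN_GOOD}:
        action, priority = "auto_close", "low"
    else:
        action, priority = "analyst_review", "high"
        for value, rec in enriched.items():
            if rec.verdict is Verdict.UNKNOWN:
                store.watchlist.add(value)  # track it until an analyst decides
    return {
        "action": action,
        "priority": priority,
        "indicators": {v: (r.verdict.value, r.score) for v, r in enriched.items()},
    }


def build_sample_store() -> ThreatIntelStore:
    """Constructed seed data standing in for curated intelligence."""
    store = ThreatIntelStore()
    store.set_verdict("198.51.100.7", Verdict.KNOWN_BAD, 95)       # TEST-NET-2 address
    store.set_verdict("updates.example.com", Verdict.KNOWN_GOOD, 0)
    return store


if __name__ == "__main__":
    tip = build_sample_store()
    print(triage_alert(tip, ["198.51.100.7", "c2.invalid"]))   # escalates
    print(triage_alert(tip, ["updates.example.com"]))           # auto-closes
    print(triage_alert(tip, ["c2.invalid"]))                    # analyst review, watchlisted
    tip.set_verdict("c2.invalid", Verdict.KNOWN_BAD, 90)        # analyst convicts it
    print(triage_alert(tip, ["c2.invalid"]))                    # now escalates
```

The point of the set_verdict round trip is the bi-directional update in the list above: once an analyst convicts an indicator that first arrived as unknown, every subsequent alert carrying it is escalated automatically instead of landing in the review queue again.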
In its SOAR research, Gartner highlights the need for both a strong TIP and event-based automation and orchestration on top of robust case management for both triage and incident response. ThreatQ and Syncurity are delivering a unique, open and standards-based solution that maintains the independent status vital to successful ongoing security operations. Learn more at threatquotient.com and https://www.syncurity.net/integrations.