
Respond and Remediate Against Threats

Can you detect cyber threats early and then respond quickly?


"Time-to-Detection" is everything when detecting cyber threats. If you cannot detect threats early and then respond quickly, you are not getting the most out of your Threat Detection service or solution.

ThreatWatch RAR integrates seamlessly with Security On-Demand's ThreatWatch platform as an add-on service. Take back control: threat hunting can reduce malware dwell time, the time between its discovery and a data breach.

Shortening that cycle can make all the difference: potentially spending just a few hours on remediation, compared to going out of business due to a full-on compromise.


ThreatWatch Response & Remediation (RAR) provides you with orchestration capabilities such as containment and quarantine actions. The RAR service allows the SOC to perform forensic examinations of endpoints and servers that exhibit malicious activity and then to take action on the information gathered during the investigation.

ThreatWatch RAR is provided as an add-on service to ThreatWatch, as an enhancement to the core threat analytics service. The service is licensed based on the number of endpoint and server devices included in the scope of the service. The endpoints and servers can be configured to use an agent-based or agent-less approach to taking orchestrated actions.

Beyond Log Management and Advanced Threat Detection capabilities, the Response & Remediation service includes the following:


ThreatWatch® RAR integrates hunting toolsets and methods with Security On-Demand’s proprietary correlation and behavioral analysis capabilities, such as machine learning-based artificial intelligence and supervised learning models that use behavioral analysis of attack patterns. As part of the RAR service, SOD will:

Correlate such activity with logs, alerts, and other information received

Monitor the alerts, logs, and output provided by the advanced threat hunting activities

Validate the threat as part of the triage and investigation process

Tune and provide continual feedback to ensure that normal system behavior is baselined


Once the threat is assessed and validated, a risk and confidence score will be assigned to the anomaly as part of the investigation and appropriate action will be taken based on the Response and Containment Decision Matrix.

Companies that identified a breach in less than 100 days saved more than $1 million as compared to those that took more than 100 days. Similarly, companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days to resolve. (IBM 2018 Cost of Data Breach study)

Find and contain threats quickly with ThreatWatch RAR.