Investigation and Response Automation

ATAR combines cognitive automation, a cutting edge investigations service desk,
security orchestration and SOC KPIs & metrics in a single lovable package.


ATAR is a SOC investigations and response management platform featuring a programmable robot, analyst augmentation and an analytics engine.

You may offload most mundane and repetitive tasks to the ATAR robot and focus on what matters. We don't see a software replacing human judgment in the foreseeable future; however we envision that most incident response tasks could be off-loaded to software. We have customers who have offloaded up to 50% of their workload to the robot. ATAR can interrogate endpoints, configure firewalls, isolate computers in a network, lock user accounts; either temporarily or permanently.


ATAR also helps analysts by serving as their personal butler; gathering data & evidence to help facilitate faster analysis and taking remediation actions. The integrated service desk works as an incident management cockpit; using it can speed up investigation and response speeds 10-fold and allows multiple analysts to work on the same case, fostering collaboration.

By collecting data points across your whole SOC operations, ATAR comes bundled with a plethora of KPIs and metrics; SLA adherence, analyst performance and workload stats are among the most popular ones.

Automate repetitive
investigation & response activities

Yesterday’s manual attacks are now fully automated with malware; no human analyst can match the speed of an automated attack.
Also some "evil" happens more frequently then others. Why not offload automate repetitive investigation and response activities to the ATAR robot and focus on the more out-of-ordinary?

Volume & Speed

A typical organization gets more than 300 cyber alerts per day and investigating just one takes around 8 full hours. No SOC has enough staff to sift through all. Also, today’s malware driven attacks can start and end in less than 15 mere minutes; no SOC analyst can match this speed.
SOCs need automation to match the volume and speed of modern times. ATAR automation helps SOCs scale for good.

Manual Processes

There are just so many repetitive and manual investigation tasks in a typical SOC today. Malware alerts come in dozens, as is multiple failed logins etc. SOC analysts hate such mundane activities; at the end of the day, mundane is not exciting.
Offload such repetitive manual processes to ATAR, so your precious analysts can focus on more interesting, more out of ordinary cases and keep them excited.

Improve Analyst Efficiency

ATAR sports a unified investigations interface; like a cockpit for incident management and response. When analysts are working on cases on the ATAR interface, ATAR acts as a personal butler by fetching all data/evidence and taking actions on the analysts behalf with a single click. This unified investigations interface supercharges your analysts productivity by dramatically reducing the time required for a typical incident investigation and response.

Faster Investigations

Typical SOC analyst uses 15-20 different investigations and response tools. Instead of switching screens and logging in/out of these tools, ATAR provides a unified investigations interface to command & control them from a single console.
ATAR investigation console’s one-click evidence collection and one-click actions help decrease individual investigations from several hours to several minutes.

Error Free

ATAR investigations platform provides the notion of investigation scopes. ATAR extracts lists of relevant IPs, URLs, domains, usernames etc. about a particular incident as the investigation goes and puts them into an incident scope. Analysts are only allowed to further investigate and take actions on elements in scope. This stops many practical analyst errors like typos in entering IP addresses, URLs etc.


The investigation platform provides a collaborative working environment. An analyst to jump into a case later can review all previous activities, all data/evidence gathered and all actions taken. By fostering teamwork, ATAR’s investigation interface allows analysts to help one another to close more cases just faster.


ATAR records all analysts activities into an incident timeline. The timeline provides traceability to SOC processes. Any and all activities by either the ATAR robot or the analysts go into timelines and post-mortem reviews of cases can be run. This not only provides accountability and performance data but also helps internal and external auditors to review SOC processes. Most tools require admin privileges only a trusted group of SOC analyst are allowed access to them all.

SOC Analytics

When ATAR is used as the SOC operations platform, ATAR records all analyst activities and automated operations. This generates a big volume of operational intelligence data. Using data collected from SOC operations, ATAR provides KPIs and metrics that shows insight into how the SOC is being run and metrics on individual analyst performances.

KPI & Metrics

ATAR collects KPIs and metrics on SOC processes. These allow insight and guides better strategic decisions. Is your incident backlog growing or shrinking? Are you able to hit your differetiated SLAs? Which of your analysts are slower than others?

Single Pane of Glass

ATAR provides SOC managers with a single pane of glass to understand what is really happening. From charts to push to videowall screens to metrics for strategic decisions, ATAR quickly becomes indispensable for SOC Managers.

Business Value

Respond Faster

Playbook automation, one-click evidence collection and one-click actions increase defense agility.

Handle Repetitive Activities

Focus on what is more significant and let ATAR handle the repetitive activities. Hit SLAs and increase operator satisfaction.

Drive Down Costs

Achieve more with less operators, decreasing losses and driving down costs.


Atar Labs builds ATAR, industry's foremost security operations center management platform which covers automated response, analyst augmentation, collaborative investigations console and SOC KPI management.


2016 IT Architecture Awards

Best Datacenter Project of the Year

Startup İstanbul 2016

2nd Best Startup Company



Subscribe to our email newsletter to receive updates. - All rights reserved © 2018