ThreatQ 3.0: A threat intelligence platform with fine-tuned controls
ThreatQuotient announced new ThreatQ platform advancements, a robust Partner Integration Program and Professional Services offerings to answer industry demand to make threat intelligence operational within the context of a company’s specific environment.
“The industry has realized that the aggregation and sharing of threat data is not enough to succeed. Threat intelligence platforms need to do more to support the utility of threat intelligence as part of security operations,” said Leon Ward, Senior Director, Product Management, ThreatQuotient. “ThreatQ has been purpose-built to support the threat operations within a company. It is designed to help customers focus their resources on the high-risk items that are most pertinent to their business.”
Companies are being challenged by too much threat data, and without comprehensive context, it is hard for operators to identify a starting point for investigations. ThreatQ 3.0 solves this challenge through automated prioritization of intelligence based on customer-defined parameters. The platform combines and correlates data from multiple sources, both external and internal, and calculates a unified opinion with a single, transparent score. This unified opinion alleviates operator confusion in the case where threat data is rated differently by various providers or is lacking context behind how the rating was determined.
“ThreatQuotient can help organizations address major challenges for security operations and threat analyst teams by providing them with a platform for threat operations that can help them customize, prioritize and make use of their threat intelligence,” added Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group. “ThreatQuotient can enable organizations to achieve greater security, and foster improved, more effective collaboration across all teams that are part of the modern threat operations and IT environment.”
According to Gartner, “Threat intelligence platforms also aid the SOC in bringing in external threat landscape context in a more efficient manner and assist with incident response, threat forecasting and threat intelligence sharing, ingesting many flavors of threat intelligence and then actioning it.” Gartner, Inc., The Five Models of Security Operation Centers, Oliver Rochford, Craig Lawson, October 2015, Foundational December, 2016.
To address these challenges, ThreatQ has the only self-tuning Threat Library, updating priority and relevance based upon the customer-defined parameters, as more data and context comes into the system. With validated context and a stronger understanding of what data is the most relevant to their company, operators can cut through the noise and focus their investigations on the highest risk threats first. ThreatQ is the best platform to serve as the cornerstone for a company’s security operations and the use cases relying on threat intelligence.
ThreatQ enables successful cyber threat operations and management by empowering teams to collaborate on intelligence, manage defenses across their infrastructure, and respond to threats effectively. ThreatQ 3.0 will be available in March 2017.
Partner integration program
The power of the ThreatQ platform lies in its open, extensible architecture, allowing for strong integration and interoperability with existing infrastructure. ThreatQuotient’s new Partner Integration Program is a robust ecosystem that leverages the ThreatQ Open Exchange through an SDK, easy-to-use APIs and a set of industry-standard interfaces to integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.
ThreatQ allows both standard integrations and BYO connectors and the platform can easily enable more. Representative partners in the program include: Cisco, CrowdStrike, DomainTools, Farsight Security, FireEye, Flashpoint, Phantom, Recorded Future, Symantec, Verisign, VirusTotal and Wapack Labs. The full list of over 50 integration partners can be found here.
The company’s new Professional Services team will work with customers to assess, design, and build their threat operations program to fit their needs. ThreatQuotient, together with their channel and managed services providers, offers services designed to ensure that threat intelligence will be operational and optimally utilized within a company, including program assessment and definition, platform design and training, integrations training, and custom connector development and implementation.
“The ThreatQ platform is the driving force behind our threat operations. Its Threat Library and workbench are key capabilities our SOC analysts and other security tools used to identify what adversaries are involved on a given detected attack,” said Antonin Hily, MSSP Director, Sopra Steria. “Our day-to-day SOC activities are heavily focused on enriching the intelligence attached to our customer’s adversaries to provide our customers with a full understanding of the risk mitigated by our service.”