ThreatQ Investigations: Cybersecurity situation room accelerates security operations

ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response.

ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response.

The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently, inefficiently and unable to share intelligence and tasks easily.

The industry is constantly driving to reduce MTTD (mean time to detection) and MTTR (mean time to respond) through automation. However, acting fast is not enough on its own; the key is making sure the right actions are taken, faster than ever before. While it is now possible for organizations to prioritize and contextualize millions of threat data points, it is still difficult to work out which information is most relevant and determine the appropriate response.

Taking action requires individuals and teams to work collaboratively to analyze and understand a threat, incident or situation before they can coordinate and automate their response with confidence and reliability. Quickly developing this shared understanding of a situation has been a considerable challenge. ThreatQ Investigations answers this challenge by providing a single visual representation of the complete situation at hand, including what actions were taken, by whom and when.

“With different analysts and teams all working on parallel tasks, it is not uncommon to overlook key commonalities that exist. With ThreatQ Investigations, everyone taking part in an investigation is automatically able to see how the actions of others impact and further extend their own work,” said Leon Ward, VP of Product Management, ThreatQuotient. “ThreatQ Investigations fuses together threat data, evidence, users and actions into a single, shared environment. This unique interface drives collaboration between all parties involved in the investigation process.”

The dispersed nature of today’s security teams compounds the problem. ThreatQ Investigations streamlines global collaboration while also giving individuals the freedom to test theories prior to sharing with the group to ensure accuracy and relevance. Both those in technical roles performing analysis, and the decision-makers relying on the outcomes, will benefit from ThreatQ Investigations. Incident handlers, malware researchers, SOC analysts and investigation leads will all gain more control, be able to take the right steps at the right time and accelerate overall security operations.

“Like many organizations, NTT Security is continuously working on new and improved ways to enhance the collection of data from various sources, correlating and analyzing that data with NTT Security’s own threat intelligence, and then using it to proactively protect against the real-world threats we face every day,” said Jeremy Scott, Director, Global Threat Research, Global Threat Intelligence Center (GTIC), NTT Security. “ThreatQ Investigations enables our team to not only collaborate, coordinate and document investigations, but visually pivot through vast amounts of data to increase the effectiveness of our team and our analysis processes, ultimately providing stronger detections and threat intelligence for our customers.”

ThreatQ Investigations leverages the existing capabilities provided by the ThreatQ platform and allows for the capturing, learning and sharing of knowledge. Use cases for ThreatQ Investigations include: anticipation situations that accelerate understanding of emerging threats to update defense posture proactively; response situations that enable the right responses to be determined and acted upon faster than previously possible; and retrospective analysis to learn what can be improved in the future.

Starting April 16, ThreatQuotient will be exhibiting at RSA Conference 2018 in San Francisco. Attendees can preview ThreatQ Investigations on the show floor at Booth 2601 in Moscone Hall South until April 20.
