“Crashing” through preconceived notions about TIPs – Announcing ThreatQ v2
POSTED BY LEON WARD
When you’re part of a company that has a rhino for a mascot, you quickly learn that a group of rhinos is called a ‘crash.’ Pretty cool. As head of product management I’m extremely proud and excited about what this crash has accomplished with ThreatQ v2, announced today.
We’ve crashed through the notions of what a threat intelligence platform must be, creating a powerful foundation for cyber threat operations and management. It’s what’s needed to more effectively deal with advanced threats, the evolving methods used by threat actors, and the resulting large quantities of threat data. ThreatQ v2 is an open and extensible platform that empowers security professionals with customization, automation and integration. Customers can improve situational understanding, accelerate detection and response, and increase threat operations efficiency through greater team collaboration.
Based on feedback from customers and partners, v2 delivers on its promise to empower the human element of cybersecurity through new and enhanced innovations, including an integrated threat library, an adaptive workbench and open exchange:
- Threat Library – delivers a central repository of external threat data that is enriched and augmented with internal threat and event data to provide relevant and contextual intelligence that is customized for and tuned to a company’s unique environment.
- Adaptive Workbench – empowers analysts to strike the right balance of human intelligence and system automation across the intelligence lifecycle through customizable workflow, user-defined configuration and customer-specific enrichments.
- Open Exchange – extends the value of existing security investments with standard interfaces and an SDK/API for customization, integrating tools, teams and workflows to get the right intelligence to the right tools at the right time.
We’ve added more features to ThreatQ v2 to further reduce the noise created from a growing number of internal and external data sources and give analysts control to turn that data into intelligence that is accurate, relevant and timely for their business. These include powerful unstructured and structured data processing, adversary tracking and linking, and signature import/export. All of these data inputs automatically augment and enrich the Threat Library, allowing it to constantly refine itself to become more and more relevant over time.
In his one-year anniversary blog, our CEO, John Czupak, recommended you watch this space for more innovations. Today we unveiled the first threat intelligence platform (TIP) for Threat Operations and Management. I can’t wait to share what’s next when we see you at RSA.