ThreatQ Integration with Polarity Gives Analysts Immediate Data Awareness and RecallPOSTED BY LIZ BUSH
One of the many capabilities that sets the ThreatQ platform apart from other security tools and technologies, is our large and adaptable set of integrations that allow you to easily customize ThreatQ to meet the requirements of your unique environment. Our Open Exchange includes a software development kit (SDK), easy-to-use application programming interfaces (APIs) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.
One of our latest integrations that I’m excited to tell you about is with Polarity.
The Polarity platform was created based on two core tenets – data awareness and data recall. Data tells a story and Polarity helps you see it, by combining everything your infrastructure knows about a specific datapoint – an IP address, a hash tag, a URL, etc. Polarity also automatically displays relevant information in real time on your screen, complete with annotations other users have made. Bringing awareness of that data to teams across the enterprise, it saves users the time of having to search for information and facilitates collaboration across teams and workflows for better analysis.
These capabilities are incredibly valuable and complementary to the ThreatQ platform which serves as a single source of truth, aggregating and normalizing data from the many external threat feeds you subscribe to and augmenting and enriching that global threat data with context from internal threat and event data. To reduce the noise, ThreatQ allows you to prioritize the data for relevance using customized risk scores based on parameters you set, instead of relying on the global risk scores some vendors provide. As new data and learnings are added to the platform, intelligence is automatically reevaluated and reprioritized allowing teams to focus monitoring and detection on high-risk threats.
Now imagine combining the power of ThreatQ and Polarity to easily bring that threat intelligence to all security team members across the company – SOC analysts, incident responders, threat hunters, and more. Say you’re conducting an investigation, or even just reading an email or research report that includes information about an indicator that is in your ThreatQ platform. That information is instantly available to reader. ThreatQ curates and stores threat intelligence and Polarity displays that intelligence directly on your screen, so you have the right data at the right time to make decisions and take action with precision and speed. What’s more, you can interact with the information in ThreatQ by adding attributes and comments to enrich the data even further.
To learn about the integration, watch the webcast with ThreatQuotient’s Chris Jacob and Dan Ramaswami from Polarity and download the datasheet.