THREAT INTELLIGENCE PLATFORM
FOR STREAMLINED THREAT OPERATIONS AND MANAGEMENT
To understand and stop threats more effectively and efficiently, your existing security infrastructure and people need to work smarter, not harder. ThreatQ is an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning Threat Library™, Adaptive Workbench™ and Open Exchange™ allow you to quickly understand threats, make better decisions and accelerate detection and response.
Enrich Data with Context
Correlate external and internal data to gain context and determine relevance and priority.
Prioritize Based on Your Risk Profile
Automatically score and prioritize threat intelligence based on your parameters.
Accelerate Detection and Response
Automate aggregation, operationalization and use of threat intelligence across all systems and teams.
Collaborate Across Teams
Centralize threat intelligence sharing, analysis and investigation in a threat intelligence platform all teams can access.
BETTER DECISIONS, BETTER PROTECTION BY FOCUSING ON WHAT MATTERS
Not all threat data will provide the same level of value to your threat and security operations. You need a threat intelligence platform that tunes itself continuously, uses context to intelligently prioritize what is important and removes the noise that is not.
The ThreatQ threat intelligence platform equips you with a threat library that automatically scores and prioritizes threat intelligence based on parameters you set. Prioritization is calculated across many separate sources, both external and internal, to deliver a single source of truth using the aggregated context provided. This removes noise, reduces risk of false positives and enables users to focus on the data that really matters.
- Reduce the noise associated with data overload
- Improve relevance via customer-defined scoring
- Understand relevance based on context and attributes
- Increase efficiency by knowing what to work on first
- Simplify operations through a uniform opinion calculated across all sources
OPERATIONALIZE WITH CONTROL
- Make threat data operational based on customer definition, not vendor definition
- Control “how,” “when” and “where” intelligence is used
- Prevent tool over-subscription by deploying only the most important intelligence and preventing stale data from becoming active
THE PILLARS OF STREAMLINED THREAT OPERATIONS AND MANAGEMENT
Shared Contextual Intelligence
A central repository within the threat intelligence platform combines external and internal threat data to provide relevant and contextual threat intelligence that is customized for your unique environment. Over time, the library self-tunes, enabling situational understanding, better decision making and automated actions that accelerate security operations.
- Context from external and internal data
- Structured and unstructured data import
- Custom enrichment source for existing systems
Combine Automation and Human Intelligence for Proactive Detection and Response
The ThreatQ threat intelligence platform enables customer-defined configuration and integrations to work with your processes and tools. Customizable workflow and customer-specific enrichment streamline analysis of threat and event data for faster investigation and automates the intelligence lifecycle.
- Consolidated view, unified opinion
- Automatically prioritize based on all sources
- Continuous threat assessment
- Push-button operations using existing tools and processes
- User-specific watch list widget
Open and Extensible Architecture Enables Robust Ecosystem
Import and aggregate external and internal data sources, integrate with existing enrichment and analysis tools, and export the right intelligence to the right tools at the right time to accelerate detection and response. Get more from your existing security investments by integrating your tools, teams and workflows through standard interfaces and an SDK/API for customization.
- Bring your own connectors and tools
- SDK / API for customization
- Standard STIX/TAXII support
THREATQ SOLUTION LITERATURE
ThreatQ Threat Intelligence Platform
With ThreatQ, Security Analysts Can…
- Improve Situational Understanding
- Accelerate Detection and Response
- Maximize Existing Security Investments
- Advance Team Collaboration
THREATQ SOLUTION ARCHITECTURE
ThreatQ is an open and extensible threat intelligence platform, supporting both standard and custom integrations with feeds and security systems. Through these integrations the platform automates the aggregation, operationalization and use of threat intelligence across the entire security infrastructure, supporting multiple use cases, increasing security effectiveness and accelerating security operations.
THREAT INTELLIGENCE PLATFORM USE CASES
POWERED BY THREATQ
Threat Data Aggregation
Combine, normalize and contextualize threat data from both external and internal sources automatically into a single, customized and prioritized Threat Library to be used by teams across the organization.
Curated Threat Intelligence
Turn threat data into threat intelligence through context and automatically prioritize based on user-defined scoring and relevance. The ThreatQ threat intelligence platform provides a single source of truth.
Investigate spear phishing attacks and track over time using the data to improve your defensive posture.
Utilize campaign, malware and indicator knowledge to identify related attacks and adversaries that may affect your operations.
Support scoping and remediation by correlating artifacts of an investigation with a threat library of related indicators and context.
Pivot between a vulnerability, an IOC and an event to quickly stop threats that take advantage of known security weaknesses.
Empower your teams to proactively search for malicious activity that has not yet been identified by your sensor grid.
Improve Incident Response
Global visibility to adversary tactics, techniques and procedures improves remediation quality, coverage and speed.
Strengthen Sensor Grid
Make firewall, IDS, IPS, SIEM and other devices smarter with the most accurate and relevant threat data.
Retrospectively evaluate your threat intelligence sources’ value, versus the relevance of their information to incidents you experience. The ThreatQ threat intelligence platform can empower your team to scale through prioritization and automation.
FLEXIBLE DEPLOYMENT OPTIONS
TO FIT YOUR NETWORK DESIGN
For maximum security, ThreatQ can be deployed solely on-premise, providing you complete control over your data.
ThreatQ can be deployed in various cloud-based environments.
ThreatQ is available in software only OVA distributions for virtual machine deployment across major operating systems.
ThreatQuotient™ offers a family of dedicated appliances to meet your performance requirements.
Threat Intelligence Platform: Build or Buy?
Asking the eternal technology questions.