Got 12 Minutes? See ThreatQuotient and Cisco Integration in Action
POSTED BY LIZ BUSH
If you haven’t seen it yet, I encourage you to check out this recent episode of ThreatWise TV – coverage and live demos of the latest developments in Cisco cybersecurity, hosted by Cisco’s Jason Wright. In this 12-minute episode our own Chris Jacob, Vice President, Threat Intelligence Engineering, sits down with Jason to discuss and demonstrate how ThreatQ and ThreatQ Investigations integrate with Cisco’s security portfolio, specifically Talos, Threat Grid and Umbrella.
Chris explains how the ThreatQ threat intelligence platform brings threat information from Cisco Talos into the Threat Library which, in turn, shares that information with the security operations center (SOC). If the SOC has a sighting, then information is sent back to the Threat Library. This additional context influences the scoring algorithm, increases the threat score and could result in any number of responses, for example automatically pushing a Snort rule out to update the intrusion prevention system and block the threat.
ThreatQ also integrates with Cisco’s Threat Grid malware analysis platform. Analysts can submit domains or malware samples directly to Threat Grid from the ThreatQ interface for analysis and receive the results back directly in ThreatQ. Once again, this information could change the scoring algorithm and the threat score of the indicator, prioritizing it for further investigation and action. Chris also shows how ThreatQ uses Cisco Umbrella as an enrichment tool to zero in on data that is high priority, and as an enforcement tool to immediately take action and add the indicator to the Cisco Umbrella block list.
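The two paragraphs above describe one loop: an indicator enters the Threat Library with a score derived from its source, SOC sightings and enrichment verdicts feed back into that score, and crossing a threshold triggers an enforcement action such as pushing a Snort rule. The toy model below is an added illustration of that loop written for this post; it is not ThreatQ code, and the weights, threshold, indicator values and the DNS-query rule format are constructed assumptions chosen to make the feedback visible.

```python
"""Toy intelligence-to-action loop (constructed example, not ThreatQ's algorithm).

An indicator enters the library with a base score taken from its source.
Each SOC sighting and each enrichment verdict (e.g. a sandbox or DNS-reputation
result) adjusts the score. When the score crosses BLOCK_THRESHOLD the library
emits a Snort rule once, standing in for the "push a rule to the IPS" step.
"""
from dataclasses import dataclass, field

# Illustrative weights; real platforms expose these as tunable policy.
SOURCE_BASE = {"talos": 40, "osint": 10}          # assumed source weights
SIGHTING_WEIGHT = 20                              # assumed per-sighting boost
ENRICHMENT_WEIGHT = {"malicious": 30, "suspicious": 10, "benign": -30}
BLOCK_THRESHOLD = 70                              # assumed enforcement cut-off


@dataclass
class Indicator:
    value: str
    itype: str                       # "domain" or "ipv4"
    source: str
    sightings: int = 0
    enrichment: list = field(default_factory=list)

    def score(self) -> int:
        """Base score plus sighting and enrichment adjustments, clamped to 0..100."""
        s = SOURCE_BASE.get(self.source, 0)
        s += SIGHTING_WEIGHT * self.sightings
        s += sum(ENRICHMENT_WEIGHT[v] for v in self.enrichment)
        return max(0, min(100, s))


def snort_rule(ind: Indicator, sid: int) -> str:
    """Build a Snort rule for the indicator.

    Domains are matched inside DNS queries, where each label is preceded by its
    length byte, so "evil.example" becomes |04|evil|07|example|00|.
    """
    if ind.itype == "domain":
        encoded = "".join(f"|{len(label):02x}|{label}" for label in ind.value.split(".")) + "|00|"
        return (f'alert udp any any -> any 53 (msg:"ThreatLib block {ind.value}"; '
                f'content:"{encoded}"; nocase; sid:{sid}; rev:1;)')
    return (f'drop ip any any -> {ind.value} any '
            f'(msg:"ThreatLib block {ind.value}"; sid:{sid}; rev:1;)')


class ThreatLibrary:
    def __init__(self):
        self.items: dict[str, Indicator] = {}
        self.actions: list[tuple[str, str]] = []   # (indicator, rule) pushed out, in order

    def ingest(self, value: str, itype: str, source: str) -> int:
        self.items.setdefault(value, Indicator(value, itype, source))
        return self._evaluate(value)

    def record_sighting(self, value: str) -> int:
        """SOC reports seeing the indicator; this is the feedback into the library."""
        self.items[value].sightings += 1
        return self._evaluate(value)

    def add_enrichment(self, value: str, verdict: str) -> int:
        """Attach an enrichment verdict (sandbox or DNS-reputation result)."""
        self.items[value].enrichment.append(verdict)
        return self._evaluate(value)

    def _evaluate(self, value: str) -> int:
        ind = self.items[value]
        already_blocked = any(v == value for v, _ in self.actions)
        if ind.score() >= BLOCK_THRESHOLD and not already_blocked:
            self.actions.append((value, snort_rule(ind, sid=1000001 + len(self.actions))))
        return ind.score()


def walkthrough() -> ThreatLibrary:
    """Constructed scenario: intel alone watches, intel plus sighting plus verdict blocks."""
    lib = ThreatLibrary()
    lib.ingest("evil.example", "domain", "talos")      # 40: tracked, not yet blocked
    lib.record_sighting("evil.example")                # 60: SOC saw it, still below threshold
    lib.add_enrichment("evil.example", "malicious")    # 90: verdict tips it over, rule emitted
    lib.ingest("198.51.100.7", "ipv4", "talos")        # 40
    lib.record_sighting("198.51.100.7")                # 60
    lib.add_enrichment("198.51.100.7", "benign")       # 30: benign verdict pulls it back, no rule
    return lib


if __name__ == "__main__":
    lib = walkthrough()
    for value, ind in lib.items.items():
        print(f"{value:15} score={ind.score()}")
    for value, rule in lib.actions:
        print("pushed:", rule)
```

The point of the second indicator is that enrichment is bidirectional: a benign verdict lowers the score just as a malicious one raises it, so a noisy sighting alone does not drive an automatic block.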
The demonstration also includes a look at ThreatQ Investigations. In the scenario, Talos has provided information on some malware that may have targeted an organization’s Chief Financial Officer. From the ThreatQ Investigations console, tasks are sent out to select analysts to do some investigation and determine what is happening. Findings are tracked on the digital evidence board so that all team members can see how the investigation is unfolding. If action is deemed necessary, Chris shows how ThreatQ Investigations allows you to start enforcing policies in a collaborative way across all security teams.
Watch the interview and demo now to see how the ThreatQuotient and Cisco portfolio of solutions integrate seamlessly from intelligence to action, to accelerate investigation and response and proactively block threats.