The ThreatQ Platform: Powering the XDR Movement
By Marc Solomon
In my previous blog, I talked about the integration imperative for Extended Detection and Response (XDR). Specifically, the need for a platform that serves as a single source of truth for more effective detection, and as a conduit for efficient response. ThreatQ is that platform.
The ThreatQ platform takes a threat-centric approach to security operations because we believe you cannot defend against what you do not understand. We have deep roots in threat intelligence management which position us perfectly to address the XDR use case of extended detection. What’s more, because threat intelligence is the lifeblood of security operations, our customers efficiently and effectively address multiple use cases from within the platform – spear phishing, threat hunting, alert triage, vulnerability management, and the other XDR use case of incident response.
ThreatQ aggregates and normalizes external and internal threat intelligence, augmenting it with internal event data and context. An automated scoring framework filters out noise, prioritizes intelligence based on parameters users set, and acts on that intelligence either automatically or by surfacing it for human consumption. The platform also serves as organizational memory for learning and improvement. Teams and tools feed data, events and what has been captured back to the platform, which stores and prioritizes the data collected from all investigations. By correlating detections over time, the platform can help identify a broader campaign rather than viewing each incident independently, so that teams can respond more quickly and accurately to an incident.
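The following Python is an added illustration, not ThreatQ's own code, of the pipeline this paragraph describes: normalize indicators from several sources, merge them, score them against user-set parameters, drop noise, route what survives for automatic or human handling, and keep the sighting window needed to correlate activity over time. The source weights, noise floor and auto-action threshold are hypothetical parameters, and the reports are constructed sample data.

```python
from collections import defaultdict

# Constructed sample reports: two external feeds and one internal sensor (EDR).
# The same IP appears in all three with inconsistent formatting.
RAW_REPORTS = [
    {"source": "feed_a", "type": "ip", "value": "203.0.113.7", "confidence": 80, "seen": "2021-01-04"},
    {"source": "feed_b", "type": "IP", "value": " 203.0.113.7 ", "confidence": 60, "seen": "2021-01-06"},
    {"source": "edr", "type": "ip", "value": "203.0.113.7", "confidence": 80, "seen": "2021-01-09"},
    {"source": "feed_a", "type": "domain", "value": "Example.NET", "confidence": 20, "seen": "2021-01-02"},
    {"source": "feed_b", "type": "sha256", "value": "AB" * 32, "confidence": 95, "seen": "2021-01-08"},
]

# Hypothetical user-set parameters: trust per source, noise floor, auto-action threshold.
SOURCE_WEIGHT = {"feed_a": 0.7, "feed_b": 0.6, "edr": 0.9}
NOISE_FLOOR = 50        # below this the indicator is dropped as noise
AUTO_THRESHOLD = 85     # at or above this it is pushed to controls without analyst review

def normalize(report):
    """Canonical (type, value) key so the same indicator from different sources merges."""
    return report["type"].strip().lower(), report["value"].strip().lower()

def aggregate(reports):
    """One record per indicator, retaining every sighting for later correlation."""
    merged = defaultdict(list)
    for r in reports:
        merged[normalize(r)].append((r["source"], r["confidence"], r["seen"]))
    return merged

def score(sightings):
    """Best weighted confidence, plus 10 points per additional independent source."""
    weighted = max(SOURCE_WEIGHT.get(src, 0.1) * conf for src, conf, _ in sightings)
    independent = len({src for src, _, _ in sightings})
    return min(100, round(weighted + 10 * (independent - 1)))

def prioritize(reports):
    """Score, filter noise, route each surviving indicator, and record its activity window."""
    out = []
    for (itype, value), sightings in aggregate(reports).items():
        s = score(sightings)
        if s < NOISE_FLOOR:
            continue  # noise: never reaches tools or analysts
        dates = sorted(d for _, _, d in sightings)
        out.append({
            "type": itype, "value": value, "score": s,
            "sources": sorted({src for src, _, _ in sightings}),
            "first_seen": dates[0], "last_seen": dates[-1],
            "action": "auto-push" if s >= AUTO_THRESHOLD else "analyst-review",
        })
    return sorted(out, key=lambda x: x["score"], reverse=True)

if __name__ == "__main__":
    for item in prioritize(RAW_REPORTS):
        print(item)
```

With the sample data, the corroborated IP scores 92 and is routed automatically, the single-source hash scores 57 and goes to an analyst, and the low-confidence domain is dropped as noise.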
Because it supports bi-directional integration, the ThreatQ platform sends associated data back to the right tools across the security ecosystem for efficient response. An open, extensible architecture allows for strong integration and interoperability with existing tools – including that one product the XDR vendor may not be familiar with. Standard interfaces are used for ingestion and exporting, and custom connectors can be written and deployed within hours to connect to new data sources and security controls to address emerging threats.
Over the last several months, I’ve spoken with many vendors of all sizes in the security space, as well as customers. One customer told me this week, “We want to go with Company X’s XDR solution moving into 2021, but we need you to integrate with these five third-party products.” I think this will be an ongoing problem for every company with an XDR project in 2021 or even 2022. Their main use cases will need additional integrations, and I believe doing this through the ThreatQ platform is the way to solve this problem because the integrations are already done. Plus, it can also solve the problem of being an on-site collector for the XDR vendors with cloud-based solutions.
Any XDR solution needs data curation, the ability to work on-premises and the ability to integrate with the actual products that enterprises or MDRs are using. With a platform like ThreatQ, the XDR movement is poised for success. Enterprises will get more out of their existing resources – teams and tools – and XDR will deliver on its promise to enable high-quality detections faster and more efficient response.