THREAT OPERATIONS AND MANAGEMENT
Introducing the industry’s first threat intelligence platform designed to enable threat operations and management. ThreatQ is the only solution with an integrated threat library, adaptive workbench and open exchange that help you to act upon the most relevant threats facing your organization and to get more out of your existing security infrastructure.
Improve Situational Understanding
Understand threats through context and adversary profiling, enabling defenders to anticipate threats and proactively update security posture.
Accelerate Detection and Response
Combine external and internal threat data to provide context and relevance, empowering better decision making and automated actions.
Maximize Existing Security Investments
Automate intelligence distribution to your existing sensor grid to ensure the right intelligence is delivered to the right tools at the right time.
Advance Team Collaboration
Enable your security teams to be more efficient and effective through greater information sharing and instantaneous knowledge transfer.
MAKE BETTER DECISIONS BY FOCUSING ON WHAT MATTERS
Not all threat data will provide the same level of value to your threat operations. You need a threat intelligence platform that tunes itself continuously, prioritizing what is important and removing the noise that is not.
ThreatQ equips you with a threat library that automatically scores and prioritizes threat intelligence based on customer-defined parameters. Prioritization is calculated across many separate sources, both external and internal, into a single opinion using the aggregated context provided. This removes noise, reduces the risk of false positives and enables users to focus on the data that really matters.
- Reduce the noise associated with data overload
- Improve relevance via customer-defined scoring
- Understand relevance based on context and attributes
- Increase efficiency by knowing what to work on first
- Simplify operations through a uniform opinion calculated across all sources
OPERATIONALIZE WITH CONTROL
- Make threat data operational based on customer definition, not vendor definition
- Control “how,” “when” and “where” intelligence is used
- Prevent tool over-subscription by deploying only the most important intelligence and preventing stale data from becoming active
*March 2017 availability.
KEY PILLARS TO DELIVER THREAT OPERATIONS AND MANAGEMENT
On-Demand Intelligence for All
A central repository combining external and internal threat data to provide relevant and contextual intelligence that is customized for your unique environment. Over time, the library self-tunes, enabling situational understanding, better decision making and automated actions that accelerate your threat operations.
- Context from external + internal data
- Structured and unstructured data import
- Custom enrichment source for existing systems
Balance Automation and Human Intelligence for Proactive Detection and Response
Customer-defined configuration and integrations to work with your processes and tools. Customizable workflow and customer-specific enrichment streamline investigation and analysis and automate the intelligence lifecycle.
- Automated, customer-defined prioritization
- Unified opinion across all sources
- Push-button operations
- User-specific watch list widget
Open and Extensible Architecture Enables Robust Ecosystem
Import and aggregate external and internal data sources, integrate with existing enrichment and analysis tools, and export the right intelligence to the right tools at the right time. Get more from your existing security investments by integrating your tools, teams and workflows through standard interfaces and an SDK/API for customization.
- Bring your own connectors and tools
- SDK / API for customization
- Standard STIX/TAXII support
LEADING USE CASES POWERED BY THREATQ
Threat Data Aggregation
Combine, normalize and contextualize threat data from both external and internal sources into a single, customized threat library to be used by teams across the organization.
Threat Data → Operational Intelligence
Turn threat data into threat intelligence through context and automatically prioritize based on user-defined scoring and relevance.
Investigate spearphishing attacks and track over time using the data to improve your defensive posture.
Utilize campaign, malware and indicator knowledge to identify related attacks and adversaries that may affect your operations.
Support scoping and remediation by correlating artifacts of an investigation with a threat library of related indicators and context.
Empower your teams to proactively search for malicious activity that has not yet been identified by your sensor grid.
Improve Incident Response
Global visibility to adversary tactics, techniques and procedures improves remediation quality, coverage and speed.
Strengthen Sensor Grid
Make firewall, IDS, IPS, SIEM and other devices smarter with the most accurate and relevant threat data.
Automation and Orchestration
Provide threat intelligence to emerging security automation and orchestration tools.
Security Operations ROI
Retrospectively evaluate your intelligence sources’ value, versus the relevance of their information to incidents you experience.
FLEXIBLE DEPLOYMENT OPTIONS TO FIT YOUR NETWORK DESIGN
For maximum security, ThreatQ can be deployed solely on-premise, providing you complete control over your data.
ThreatQ can be deployed in public, private and hybrid clouds from leading service providers.
ThreatQ is available in software-only OVA distributions for virtual machine deployment across major operating systems.
ThreatQuotient offers a family of dedicated appliances to meet your performance requirements.