ThreatQ 3.0 Adheres to Einstein’s 3 Rules to Streamline Threat Operations
Posted by Thomas Ashoff
Einstein had three rules of work: 1) out of clutter find simplicity, 2) from discord find harmony, and 3) in the middle of difficulty lies opportunity.
We worked by these rules as we developed our new ThreatQ 3.0 platform.
Announced earlier this week, ThreatQ 3.0 solves the most common challenge we hear companies face – too much threat data and not knowing where to start. Without comprehensive context and priority, it is hard for security operators and threat analysts to identify a starting point for investigations. ThreatQ 3.0 solves this challenge with the following new capabilities:
- Out of clutter find simplicity. Not all threat data provides the same level of value, or holds that value over time. ThreatQ’s threat intelligence platform addresses the clutter of data overload with automated prioritization of intelligence based on customer-defined parameters. Prioritization is calculated across many separate sources, both external and internal, into a single opinion, removing the noise.
- From discord find harmony. This unified opinion with a single, transparent score alleviates operator confusion in the case where threat data is rated differently by various providers or is lacking context behind how the rating was determined.
- In the middle of difficulty lies opportunity. ThreatQ has the only self-tuning Threat Library, updating priority and relevance based upon the customer-defined parameters as more data and context comes into the system. With validated context and a stronger understanding of what data is the most relevant to their company, operators can cut through the noise, focus their investigations on the highest risk threats first, and improve their security posture. And that’s the real opportunity with threat intelligence.
ThreatQ empowers security operators and threat analysts to operationalize threat intelligence with fine-tuned controls. Threat data becomes operational based on user definition, not vendor definition. Teams maintain control over “how,” “when” and “where” intelligence is used. And it prevents tool over-subscription by deploying only the most important intelligence and preventing stale data from becoming active.
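The three bullets above and the paragraph on stale data describe one mechanism: per-source ratings for an indicator are merged under operator-defined parameters into a single score, the score is recomputed as new data and context arrive, and indicators that fall below a threshold are not deployed. The following is an added illustration of that idea, written for this post; it is not ThreatQ code and does not describe ThreatQ’s actual scoring logic. The source weights, half-life, attribute boosts, threshold and sample sightings are all constructed for the example.

```python
"""Illustrative indicator prioritization (added example, not ThreatQ code).

Hypothetical model of the ideas in the post: per-source ratings for one
indicator are merged into a single score using operator-defined source
weights, the score decays as the indicator ages so stale data does not
stay active, and the score is recomputed whenever new sightings or
validated context arrive.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Sighting:
    source: str        # feed or internal tool that reported the indicator
    score: int         # that source's own 0-100 rating
    seen_at: datetime  # when the source last reported it


@dataclass
class Indicator:
    value: str
    sightings: list = field(default_factory=list)
    attributes: set = field(default_factory=set)  # validated context tags


# Operator-defined parameters (constructed values; relative weights are
# integers so the arithmetic below stays exact).
SOURCE_WEIGHTS = {"internal_ids": 10, "vendor_a": 7, "vendor_b": 4, "osint_feed": 2}
DEFAULT_WEIGHT = 1          # unknown sources count, but barely
HALF_LIFE_DAYS = 14.0       # score halves every two weeks without a new sighting
ATTRIBUTE_BOOSTS = {"targets_our_sector": 20, "confirmed_internal_hit": 30}
ACTIVE_THRESHOLD = 60.0     # only indicators at or above this are deployed


def freshness(age_days: float, half_life: float = HALF_LIFE_DAYS) -> float:
    """Exponential decay factor in (0, 1]: 1.0 for a sighting made today."""
    return 0.5 ** (age_days / half_life)


def prioritize(ind: Indicator, now: datetime) -> float:
    """Single 0-100 score merging all sources' opinions of one indicator."""
    if not ind.sightings:
        return 0.0
    weighted = sum(SOURCE_WEIGHTS.get(s.source, DEFAULT_WEIGHT) * s.score for s in ind.sightings)
    total = sum(SOURCE_WEIGHTS.get(s.source, DEFAULT_WEIGHT) for s in ind.sightings)
    consensus = weighted / total                    # weighted mean resolves disagreement
    newest = max(s.seen_at for s in ind.sightings)
    age_days = (now - newest).total_seconds() / 86400.0
    boost = sum(ATTRIBUTE_BOOSTS.get(a, 0) for a in ind.attributes)
    return min(100.0, consensus * freshness(age_days) + boost)


def active_indicators(library, now: datetime) -> list:
    """Values of indicators above the threshold, highest score first."""
    scored = sorted(((prioritize(i, now), i.value) for i in library), reverse=True)
    return [value for score, value in scored if score >= ACTIVE_THRESHOLD]


# Constructed sample library; addresses are from the RFC 5737 documentation ranges.
NOW = datetime(2017, 2, 15, tzinfo=timezone.utc)
DISPUTED = Indicator("203.0.113.10", sightings=[
    Sighting("vendor_a", 90, NOW),                       # one vendor says high
    Sighting("vendor_b", 30, NOW),                       # another says low
    Sighting("osint_feed", 80, NOW - timedelta(days=28)),
])
STALE = Indicator("198.51.100.7", sightings=[
    Sighting("vendor_a", 80, NOW - timedelta(days=28)),  # rated high, but a month old
])
LIBRARY = [DISPUTED, STALE]

if __name__ == "__main__":
    for ind in LIBRARY:
        print(f"{ind.value}: {prioritize(ind, NOW):.1f}")
    print("active:", active_indicators(LIBRARY, NOW))
    # New context and a new sighting re-tune the library without manual rescoring.
    DISPUTED.attributes.add("confirmed_internal_hit")
    STALE.sightings.append(Sighting("internal_ids", 95, NOW))
    print("after update:", active_indicators(LIBRARY, NOW))
```

Two design points worth noting. The weighted mean is what turns three conflicting ratings (90, 30, 80) into one transparent number the operator can explain, and the decay is applied to the consensus rather than to each weight, because a uniform decay inside a weighted mean would cancel out and a month-old indicator would keep its full score. When a confirmed internal hit or a fresh internal sighting is added, the next call to `prioritize` picks it up, which is the self-tuning behaviour the post describes.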
ThreatQ includes other powerful features to help you get the most value from threat intelligence in your operations. For example:
- Spearphish Analysis – ThreatQ provides special parsing of email content to accelerate the analysis and response to spearphish events. Indicators and additional context are automatically added to the Threat Library to prevent similar attacks in the future.
- Signature Analysis – ThreatQ fully decodes a signature to extract all indicators and related contextual attributes. Access to all the intelligence contained in a signature helps you quickly understand the motivations and intent of the signature.
- Watch lists – User-defined watch lists let you track adversaries, indicators or events and monitor changes in status with a simplified view.
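The spearphish analysis and watch list items above describe a workflow: parse a reported email, pull out the indicators and the context they came with, record them, and compare them against what the team is already tracking. The following is an added example written for this post; it is not ThreatQ’s parser and makes no claim about how ThreatQ implements this. The sample message, its harmless few-byte attachment and the watch list contents are constructed, and the indicator record format is an assumption of the example.

```python
"""Spearphish indicator extraction (added example, not ThreatQ's parser).

Hypothetical illustration of the workflow described in the post: parse a
reported phishing email, pull out the indicators (sender, URLs, hosts,
attachment hashes) with the context needed to act on them, and check them
against a user-defined watch list.
"""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed sample message: example.net/example.com are reserved documentation
# domains and the attachment is five harmless bytes, not a real executable.
SAMPLE_EML = """\
From: "IT Helpdesk" <helpdesk@example.net>
To: alice@example.com
Subject: Password expiry notice
Message-ID: <20170214.1234@example.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at http://login.example.net/reset?u=alice
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVpAAAA=
--b1--
"""

WATCHLIST = {"example.net"}   # user-defined: domains the team is already tracking


def extract_indicators(raw_message: str) -> list:
    """Return de-duplicated indicators, each tagged with the message they came from."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    context = {"source": "spearphish", "subject": str(msg["Subject"]),
               "message_id": str(msg["Message-ID"])}
    found = []

    def add(kind, value, **extra):
        if value and not any(f["type"] == kind and f["value"] == value for f in found):
            found.append({"type": kind, "value": value, **context, **extra})

    _, sender = parseaddr(str(msg["From"] or ""))
    add("email", sender)
    if "@" in sender:
        add("fqdn", sender.split("@", 1)[1])

    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        for url in URL_RE.findall(body.get_content()):
            add("url", url)
            add("fqdn", urlparse(url).hostname)

    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):          # text attachments come back already decoded
            data = data.encode("utf-8")
        add("sha256", hashlib.sha256(data).hexdigest(), filename=part.get_filename())
    return found


def watchlist_hits(indicators: list, watchlist: set) -> list:
    """Indicator values that are already on the watch list."""
    return [i["value"] for i in indicators if i["value"] in watchlist]


if __name__ == "__main__":
    inds = extract_indicators(SAMPLE_EML)
    for i in inds:
        print(i["type"], i["value"], i.get("filename", ""))
    print("watch list hits:", watchlist_hits(inds, WATCHLIST))
```

Every record carries the subject and Message-ID of the email it was taken from, so an analyst looking at the indicator later can trace it back to the event rather than seeing a bare value. Hashing the decoded attachment rather than the base64 text matters: the same file encoded with different line wrapping would otherwise produce different hashes.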
ThreatQ’s threat intelligence platform enables successful cyber threat operations and management by empowering teams to collaborate on intelligence, manage defenses across their infrastructure, and respond to threats. We’ll continue to work by Einstein’s three rules, as we lead the charge for customers who need faster, richer insights to make accurate decisions and improve their security posture.
ThreatQ 3.0 will be available in March 2017, but stop by our booth #S2812 at RSA Conference 2017 for a sneak peek.