ThreatQ Investigations

Additional Info

Company: ThreatQuotient
Website: http://www.threatq.com
Company size (employees): 50 to 99
Type of solution: Software

Overview

The industry is constantly driving to reduce MTTD (mean time to detection) and MTTR (mean time to respond) through automation. However, ThreatQuotient recognizes that acting fast alone is not enough; the key to successful security investigations is determining the right actions and acting on them faster than ever before. In April 2018, ThreatQuotient introduced ThreatQ Investigations, the industry’s first cybersecurity situation room designed for collaborative threat analysis, shared and accelerated understanding, and coordinated response.

ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response. The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently and inefficiently, unable to share intelligence and tasks easily. ThreatQ Investigations answers this industry challenge by providing a single visual representation of the complete situation at hand, including what actions were taken, by whom and when.

The three pillars of ThreatQ Investigations are:

1) Accelerate Understanding: Instantaneously transfer knowledge and reduce mean time to detect (MTTD) and mean time to respond (MTTR).

2) Improve Collaboration: Streamline communication between analysts, responders and management; test theories prior to sharing with the group to ensure accuracy and relevance.

3) Coordinate Action: Know who was working on what and when and improve understanding of actions taken during an investigation.

Use cases for ThreatQ Investigations include: anticipation situations that accelerate understanding of emerging threats to update defense posture proactively; response situations that enable the right responses to be determined and acted upon faster than previously possible; and retrospective analysis to learn what can be improved in the future.

How we are different

1. ThreatQ Investigations accelerates understanding: users can instantaneously transfer knowledge and reduce mean time to detect (MTTD) and mean time to respond (MTTR).

2. ThreatQ Investigations improves collaboration: it increases awareness among and across teams, streamlines communication between analysts, responders and management, and allows for testing theories prior to sharing with the group to ensure accuracy and relevance.

3. ThreatQ Investigations coordinates action: users will know who was working on what incident or investigation and when, and why certain actions were taken, and gain overall order in security operations and improved process efficiency.