ThreatQ Platform for Threat Detection, Intelligence and Response

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)ThreatQuotient
Websitehttps://www.threatq.com/
Company size (employees)100 to 499
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

ThreatQ is the first platform for data-driven security operations. ThreatQ supports incident response, spear phishing, alert triage, vulnerability management, and serves as a threat intelligence platform.

The ThreatQ Platform and ThreatQ Investigations are designed to support the fact that incident response is a team sport. Starting with importing an event/investigation, incident responders can immediately assess what other research has been performed and by whom, what tasks need to be assigned, and how all the data relates. As the necessary responders from around the organization complete tasks and publish them to the larger incident canvas, the team progresses towards identifying patient-0 and re-arming the organization against the next wave of attacks.

Customer example: The US Department of Defense uses ThreatQ to manage the vast amounts of data they have access to, understanding relevance and priority, and effectively and efficiently taking action. A principal cyber security analyst shares: "ThreatQ has enabled us to organize our Cyber Threat Intelligence into a structured database that lets us use it in ways we previously could not. The consolidation and sharing of information related to each piece of intelligence and the automated ingest of many intelligence feeds has also increased the speed at which awareness is achieved throughout the organization. We continue to pursue new ways to further push the automation and integration of ThreatQ into other security products to further utilize the intelligence we obtain through ThreatQ.”

Brief Overview

ThreatQuotient believes that threat data and intelligence are the most valuable tools to detect, prevent, and respond to threats. To make use of this, however, organizations need an approach to security operations that relies on a single, systemic security architecture that supports all teams and use cases while continuously improving.

ThreatQuotient offers the ThreatQ Platform and ThreatQ Investigations that were purpose-built for threat detection, investigation and response, providing effective intelligence and data management as the basis for each of their solutions.

ThreatQ’s DataLinq Engine and Threat Library centralizes and prioritizes vast amounts of threat data from external and internal sources so that analysts can automatically determine the highly important items to hunt for within the environment. ThreatQ Investigations allows analysts to conduct investigations collaboratively to search for and compare indicators across infrastructure and find matches between high-risk IOCs and internal log data that indicate possible connections.

Detection today requires a breadth and depth of information from disparate systems and sources, with data and actions brought into a single view, so you can gain a comprehensive understanding of the threat you are facing and know what you must defend. The ThreatQ DataLinq Engine “connects the dots” across data from all sources to enable extended detection and response (XDR) internally and externally in an organization, including SIEM/SOAR, identity, feeds, cloud, ticketing, etc. so it can be analyzed and understood prior to taking a manual or automated response.

As a result of using ThreatQuotient’s solutions for process optimization, customers experience an ROI of 2-3 full-time employees (FTEs). ThreatQ’s ability to minimize adversary dwell time provides additional ROI of 3 to 4 FTEs.