ThreatQ Threat Intelligence Platform

Additional Info

CompanyThreatQuotient
Websitehttps://www.threatq.com
Company size (employees)50 to 99

Overview

ThreatQuotient believes threat intelligence is the glue that ties together disparate systems and teams, and that a threat intelligence platform is foundational to an enterprise’s overall security infrastructure. By creating a single source of truth, teams and systems have shared intelligence and can work in concert for coordinated response and truly integrated defense.

The ThreatQ platform ingests, normalizes, de-dups and correlates threat data and events from external and internal sources into a single Threat Library. It augments and enriches data with context to turn it into threat intelligence, and provides customer controls so a company can customize scoring and prioritization based on their risk profile and parameters they set. This reduces noise and false positives so that analysts can focus on real threats versus chasing ghosts.

ThreatQ enables a shared understanding to support both reactive use cases (ie, responding to events) as well as proactive use cases (ie, anticipating threats and orchestrating and synchronizing threat intelligence across systems).

As threat assessment is a continuous process, ThreatQ can automatically re-prioritize millions of indicators without requiring constant analyst intervention. This eliminates the need for a team of analysts to perform the typical tasks of the intelligence lifecycle. For example, relevant, prioritized intelligence can be automatically applied to detection tools. The result is process optimization with an ROI of 2-3 full-time employees (FTEs).

Similarly, by automating several historically manual, time-consuming and repeatable tasks, ThreatQ saves customers a significant amount of time. By deploying ThreatQ to provide structure to cyber intelligence and perform core workflows, organizations can regain the analytical productivity of between 6 and 9 full-time enterprise Security Operations Center (SOC) analysts.

As more data and learnings are automatically added to the Threat Library, ThreatQ recalculates and reevaluates priorities and threat assessments, continuously improving detection, intelligence and response.

How we are different

*Customer-defined Prioritization* – ThreatQ ingests, normalizes, de-dups and correlates threat data and events from external and internal sources into a single Threat Library. What we do differently is that we provide customer controls so a company can customize scoring and prioritization. When new data or context enters the system, from any source or feedback captured from current tools and teams, ThreatQ will automatically re-prioritize millions of indicators, adversaries, etc. This continuous threat assessment ensures that highest priority threats are identified, understood, acted upon and learned from to support proactive use cases, such as threat anticipation or hunting, and reactive use cases, such as triage and incident response.


*Deep integrations and ecosystem* – The ThreatQ platform integrates with all of an enterprise’s existing tools, some having more than 60 that need to work in concert, such as orchestration tools, SIEMs, endpoint software, multiple intel feeds and other processes. ThreatQuotient has over 200 product integrations in their technical alliance ecosystem, including feeds and systems. With ThreatQ, customers can keep their current methodology for managing and nurturing threat data, ultimately enhancing current security workflows, not creating new ones.


*Go to Market* – ThreatQuotient’s pricing and go to market models simplify the consumption of a TIP. Pricing is straight-forward without additional charges per integration or higher indicator counts. To address companies with less mature security operations we partner with MSSPs, jointly defining a threat intelligence service offering. We also provide comprehensive support and professional services.