ThreatQuotient ThreatQ Investigations

Additional Info

Company size (employees): 100 to 499
Type of solution: Software


ThreatQuotient believes that threat data and intelligence are the most valuable tools to detect, prevent and respond to threats. They provide the context and foundational understanding needed for effective security operations. However, to make use of them, organizations need an approach to security operations that relies on a single, systemic security architecture that supports all teams and use cases while continuously improving. The ThreatQ platform, the first platform for threat-centric security operations, enables a shared understanding across teams and tools within an organization’s defense infrastructure.

Security operations teams use the ThreatQ platform to prioritize threat intelligence, quickly deploy threat data to existing sensor grids, and focus workflows to reduce time to detection (TTD) and time to response (TTR). ThreatQ supports multiple use cases including incident response, threat hunting, spear phishing, alert triage, vulnerability management and serving as a threat intelligence platform. It also supports future use cases by adapting to changing business needs.

By automating several historically manual, time-consuming and repeatable tasks, ThreatQ saves customers a significant amount of time. By deploying ThreatQ to provide structure to cyber intelligence and perform core workflows, organizations can regain the analytical productivity of between 6 and 9 full-time enterprise Security Operations Center (SOC) analysts.

ThreatQ’s ability to automatically re-prioritize millions of indicators without requiring constant analyst intervention also eliminates the need for a team of analysts performing the typical tasks of the intelligence lifecycle. This approach empowers analyst teams to determine their own risk levels and team priorities, and apply that configuration to all incoming intelligence and detection tools, leading to an unbalanced threat scoring standard. The result is process optimization with an ROI of 2-3 full-time employees (FTEs). In addition, ThreatQ’s ability to minimize adversary dwell time provides another ROI of 3 to 4 FTEs.

How we are different

ThreatQ’s top three differentiators are:

1) Customer-defined Prioritization – ThreatQ ingests, normalizes, de-dupes and correlates threat data and events from external and internal sources into a single Threat Library. What we do differently is provide customer controls so a company can customize scoring and prioritization. When new data or context enters the system, from any source or feedback captured from current tools and teams, ThreatQ will automatically re-prioritize millions of indicators, adversaries, etc. This continuous threat assessment ensures that the highest-priority threats are identified, understood, acted upon and learned from to support proactive use cases, such as threat anticipation or hunting, and reactive use cases, such as triage and incident response.

2) Deep integrations and ecosystem – ThreatQ is an open and extensible platform built on APIs to integrate with any system or tool. This architecture allows for deep integrations and bi-directional data sharing, enabling the orchestration, automation and synchronization of cyber threat intelligence across systems and teams.

3) Go to Market – ThreatQuotient’s pricing and go-to-market models simplify the consumption of a TIP. Pricing is straightforward, without additional charges per integration or for higher indicator counts. To address companies with less mature security operations, we partner with MSSPs, jointly defining a threat intelligence service offering. We also provide comprehensive support and professional services.