ThreatQ™
THREAT INTELLIGENCE PLATFORM
EMPOWER THE HUMAN ELEMENT OF CYBERSECURITY
Strengthen your security posture with a threat intelligence platform designed to enable threat operations and management and arm your analysts with the intelligence, controls and automation required to protect your business, employees and customers.
PRODUCT BRIEF
IMPROVE SITUATIONAL UNDERSTANDING
ACCELERATE DETECTION AND RESPONSE
MAXIMIZE EXISTING SECURITY INVESTMENTS
ADVANCE TEAM COLLABORATION
Introducing the industry’s first threat intelligence platform (TIP) designed to enable threat operations and management. ThreatQ is the only solution with an integrated Threat Library™, Adaptive Workbench™ and Open Exchange™ that help you to act upon the most relevant threats facing your organization and to get more out of your existing security infrastructure.
Not All Intelligence Is Created Equal. ThreatQ accelerates the transformation of threat data into actionable threat intelligence by giving defenders unmatched control through a Threat Library, an Adaptive Workbench and an Open Exchange, to ensure that intelligence is accurate, relevant and timely to their business. With ThreatQ, users get more out of security resources: people and infrastructure.
TAILOR INTELLIGENCE TO YOUR SPECIFIC ENVIRONMENT
ACCURATE RELEVANT TIMELY
USERS WHO BENEFIT
From the board room to the SOC, executives and analysts alike can benefit from a threat operations and management program. Learn how ThreatQ provides solutions to users across the organization.
CISO
SECURITY OPERATIONS
INTELLIGENCE TEAM
INCIDENT RESPONSE
EXECUTIVE MANAGEMENT
VULNERABILITY MANAGEMENT
RISK MANAGEMENT
THREAT LIBRARY
Central repository of relevant and contextual intelligence customized for your unique environment.
• Self-tuning
• Structured and unstructured data import
• Context from external + internal data
• Custom enrichment source for existing systems
ADAPTIVE WORKBENCH
Customize the intelligence life cycle for proactive detection and response.
• Automated, customer-defined prioritization
• Unified opinion across all sources
• Push-button operations
• User-specific watch list widget
OPEN EXCHANGE
Open and extensible architecture enables a robust ecosystem.
• Bring your own connectors and tools
• SDK / API for customization
• Standard STIX/TAXII support
THREE KEY PILLARS TO DELIVER THREAT OPERATIONS AND MANAGEMENT
Given vast amounts of contextualized threat data from internal and external sources, the challenge is to make sure that it is accurate, relevant to your business, and timely enough to take meaningful action upon it.
LEADING USE CASES POWERED BY THREATQ
THREAT OPERATIONS AND MANAGEMENT
OPERATIONALIZE CYBER THREAT INTELLIGENCE ACROSS YOUR ORGANIZATION
[Figure: threat operations and management overview. Threat data from commercial, government, open source, private, internal and academic sources, plus unstructured input (e-mail, documents, sneaker-net), flows into ThreatQ™ (Threat Library™, Adaptive Workbench™, Open Exchange™). ThreatQ connects to the sensor grid, SIEM, log repository and ticketing, and supports predict, prevent, detect, respond and share, with sharing to industry, government and peer communities.]
HOW IT WORKS
The most important part of your threat operations and management framework is the tool that brings it all together. ThreatQ delivers the first open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.
THREAT DATA AGGREGATION
Combine, normalize and contextualize threat data from both external and internal sources into a single, customized Threat Library to be used by teams across the organization.
THREAT DATA → OPERATIONAL INTELLIGENCE
Turn threat data into threat intelligence through context, and automatically prioritize it based on user-defined scoring and relevance.
SPEARPHISHING
Investigate spearphishing attacks and track them over time, using the data to improve your defensive posture.
INTELLIGENCE PIVOTING
Use campaign, malware and indicator knowledge to identify related attacks and adversaries that may affect your operations.
BREACH INVESTIGATION
Support scoping and remediation by correlating artifacts of an investigation with a Threat Library of related indicators and context.
THREAT HUNTING
Empower your teams to proactively search for malicious activity that has not yet been identified by your sensor grid.
IMPROVE INCIDENT RESPONSE
Global visibility into adversary tactics, techniques and procedures improves remediation quality, coverage and speed.
STRENGTHEN SENSOR GRID
Make firewall, IDS, IPS, SIEM and other devices smarter with the most accurate and relevant threat data.
AUTOMATION AND ORCHESTRATION
Provide threat intelligence to emerging security automation and orchestration tools.
SECURITY OPERATIONS ROI
Retrospectively evaluate your intelligence sources’ value against the relevance of their information to incidents you experience.
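The two use cases "Threat data → operational intelligence" (user-defined scoring and relevance) and "Strengthen sensor grid" (pushing indicators to IDS/IPS) describe a pipeline but not how it is computed. The following is an added Python example written for this page; it is not ThreatQ code and does not reflect ThreatQ's actual scoring. It parses a constructed STIX 2.1 bundle from two hypothetical feeds ("commercial-a", "osint-b", carried in an assumed custom property x_feed), scores each feed's opinion by feed trust, label relevance and recency, combines the opinions per indicator so that corroboration across feeds raises the score, and emits Suricata rules only for indicators above a threshold. The weights, feed names, bundle contents and rule template are all constructed for the example.

```python
"""Score STIX 2.1 indicators from several feeds with user-defined weights,
combine per-feed opinions into one score per indicator, and export the
top-scoring ones as Suricata rules.  Illustrative code for this page, not
ThreatQ's implementation; feeds, weights and the bundle are constructed."""
import json
import re
from datetime import datetime, timezone


def _ind(uuid, modified, confidence, labels, feed, pattern):
    """Build a minimal STIX 2.1 indicator object for the constructed bundle."""
    return {"type": "indicator", "spec_version": "2.1", "id": "indicator--" + uuid,
            "created": modified, "modified": modified, "valid_from": modified,
            "confidence": confidence, "labels": labels, "x_feed": feed,
            "pattern_type": "stix", "pattern": pattern}


# Constructed bundle standing in for two incoming feeds.  "confidence" is a
# standard STIX 2.1 property; "x_feed" is a hypothetical custom property naming
# the feed (a real platform would resolve created_by_ref instead).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "objects": [
        _ind("6ba7b811-9dad-11d1-80b4-00c04fd430c8", "2017-05-20T00:00:00.000Z", 85,
             ["malicious-activity"], "commercial-a", "[domain-name:value = 'c2.example.test']"),
        _ind("6ba7b812-9dad-11d1-80b4-00c04fd430c8", "2017-05-28T00:00:00.000Z", 40,
             ["malicious-activity"], "osint-b", "[domain-name:value = 'c2.example.test']"),
        _ind("6ba7b813-9dad-11d1-80b4-00c04fd430c8", "2017-03-01T00:00:00.000Z", 60,
             ["scanning"], "osint-b", "[ipv4-addr:value = '203.0.113.7']"),
        _ind("6ba7b814-9dad-11d1-80b4-00c04fd430c8", "2017-05-30T00:00:00.000Z", 10,
             ["malicious-activity"], "commercial-a", "[url:value = 'http://example.test/x']"),
    ]})

# Fixed "now" so the recency decay (and the results) are reproducible.
NOW = datetime(2017, 6, 1, tzinfo=timezone.utc)

# User-defined weights: how much each feed is trusted, how relevant each label
# is to this organization, and how fast an opinion decays with age.
WEIGHTS = {
    "feed_trust": {"commercial-a": 0.9, "osint-b": 0.5}, "default_feed_trust": 0.3,
    "label_relevance": {"malicious-activity": 1.0, "scanning": 0.4},
    "default_label_relevance": 0.2,
    "half_life_days": 30,
}

# Only single-comparison patterns are handled; compound patterns are skipped.
PATTERN_RE = re.compile(r"^\[(domain-name|ipv4-addr|url):value\s*=\s*'([^']+)'\]$")
# Feed values are untrusted input: never interpolate them into rule syntax
# unless they match a strict allow-list (blocks '"' and ';' rule injection).
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def parse_indicators(bundle_json):
    """Normalize indicator objects of a STIX 2.1 bundle into flat records."""
    out = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.match(obj.get("pattern", ""))
        if not m:
            continue
        modified = datetime.strptime(obj["modified"], "%Y-%m-%dT%H:%M:%S.%fZ")
        out.append({"kind": m.group(1), "value": m.group(2),
                    "feed": obj.get("x_feed", "unknown"),
                    "confidence": obj.get("confidence", 0),
                    "labels": obj.get("labels", []),
                    "modified": modified.replace(tzinfo=timezone.utc)})
    return out


def source_score(ind, weights, now):
    """One feed's opinion in [0, 1]: confidence x trust x relevance x recency."""
    trust = weights["feed_trust"].get(ind["feed"], weights["default_feed_trust"])
    relevance = max((weights["label_relevance"].get(l, weights["default_label_relevance"])
                     for l in ind["labels"]), default=weights["default_label_relevance"])
    age_days = max((now - ind["modified"]).total_seconds() / 86400, 0.0)
    recency = 0.5 ** (age_days / weights["half_life_days"])  # exponential decay
    return (ind["confidence"] / 100.0) * trust * relevance * recency


def merge_and_score(indicators, weights, now):
    """Unify opinions per (kind, value) with noisy-OR: 1 - prod(1 - s_i), so a
    second feed reporting the same indicator raises, never lowers, the score."""
    merged = {}
    for ind in indicators:
        key = (ind["kind"], ind["value"])
        entry = merged.setdefault(key, {"kind": ind["kind"], "value": ind["value"],
                                        "sources": [], "survival": 1.0})
        entry["sources"].append(ind["feed"])
        entry["survival"] *= 1.0 - source_score(ind, weights, now)
    for entry in merged.values():
        entry["score"] = 1.0 - entry.pop("survival")
    return merged


def to_suricata(merged, threshold=0.5, base_sid=9000000):
    """Emit Suricata rules for indicators at or above the threshold, best first.
    URL indicators fail the allow-list and are left to an HTTP-aware template."""
    ranked = sorted((e for e in merged.values() if e["score"] >= threshold),
                    key=lambda e: -e["score"])
    rules = []
    for sid, e in enumerate(ranked, start=base_sid + 1):
        if not SAFE_VALUE_RE.match(e["value"]):
            continue
        msg = 'msg:"TI %s %s score=%.2f sources=%s"' % (
            e["kind"], e["value"], e["score"], ",".join(sorted(set(e["sources"]))))
        if e["kind"] == "domain-name":
            rules.append('alert dns $HOME_NET any -> any any (%s; dns.query; content:"%s"; '
                         'nocase; sid:%d; rev:1;)' % (msg, e["value"], sid))
        elif e["kind"] == "ipv4-addr":
            rules.append('alert ip $HOME_NET any -> %s any (%s; sid:%d; rev:1;)'
                         % (e["value"], msg, sid))
    return rules


if __name__ == "__main__":
    scored = merge_and_score(parse_indicators(SAMPLE_BUNDLE), WEIGHTS, NOW)
    for e in sorted(scored.values(), key=lambda e: -e["score"]):
        print("%.3f  %-12s %s  <- %s" % (e["score"], e["kind"], e["value"], e["sources"]))
    print("\n".join(to_suricata(scored)))
```

With the constructed inputs only the C2 domain crosses the 0.5 threshold: it is reported by both feeds, so its combined score (about 0.66) exceeds either feed's opinion alone, while the stale scanning IP and the low-confidence URL stay out of the sensor grid. The `dns.query` sticky buffer requires Suricata 5 or later (Suricata 4 spelled it `dns_query`); the allow-list on indicator values is the check that matters when feed content is pushed into rule syntax automatically.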
OPEN EXCHANGE INTEGRATIONS
Abuse.ch, AlienVault, ArcSight, Bambenek Consulting, Bandura, Best Practical, Blocklist.de, BlueLiv, Blutmagie.de, Booz Allen Hamilton, Bro IDS, Carbon Black, Cisco AMP Threat Grid, Cisco Umbrella, CrowdStrike, Cybercrime Tracker, Cybersponse, Dan.me.uk, Digital Shadows, DomainTools, DShield (Internet Storm Center), Emerging Threats, Farsight Security, Fidelis, FireEye, Financial Services, Flashpoint,
Guidance Software, IBM Resilient, iDefense, Intel 471, iSight Partners, LogRhythm, Malc0de, Malware Domain List, McAfee, The Media Trust, MISP Threat Sharing, Multiproxy.org, NH-ISAC, Nothink.org,
Palo Alto Networks, Phantom Cyber, PhishMe, Qualys, R-CISC, QRadar, Recorded Future, Request Tracker, Reservoir Labs, RISIQ, RSA Ready, RSA NetWitness, SANS, Snort,
Soltra, Sourcefire, Spamhaus, Splunk, StealthWatch, Symantec, Tenable, Threat Recon, ThreatAnalyzer, ThreatBase, VirusTotal, VXVault, Wapack Labs, WildFire
TECHNICAL SPECIFICATIONS
DATA IMPORT FORMATS
Structured & unstructured: STIX/TAXII, OpenIOC, Snort, Suricata, JSON, CSV, PDF; e-mail: EML, EMLX, MSG
ANALYSIS TOOLS
Intelligence Dashboards, Spearphish Processing, Signature Management, Push-button Operations, Custom Enrichment Tool Integrations, Adversary Tracking, Custom Attributes and Tags, Custom Workflow and Status, Object Relationships, Intelligence Exports
THREAT DATA SOURCES
Industry Consortiums, Government Agencies, Commercial Providers, Open Source (OSINT), Custom & Local
DEPLOYMENT MODES
On-premise and Cloud: OVA, Customer-provided Hardware, Dedicated Appliance
THREATQ SOLUTION ARCHITECTURE
[Figure: ThreatQ solution architecture. Components around the platform: Incoming Feeds, Detection Solutions, SIEM, Log Repository, Malware Analysis / Sandbox, Ticketing System. Labelled flows: Logs / Alerts; Indicator Sightings; Distribute Indicators / Signatures; Malware Specimens; Threat / Adversary Context and Enrichment (to the sandbox and to ticketing); Events Are Escalated; Incident Information and Annotations; Export Indicators for Sharing.]
ABOUT THREATQUOTIENT™
ThreatQuotient understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers defenders to ensure the right threat intelligence is utilized within the right tools, at the right time. Leading global companies are using ThreatQ as the cornerstone of their threat intelligence operations and management system, increasing security effectiveness and efficiency.
For additional information, please visit threatq.com.
11400 Commerce Park Drive, Suite 200, Reston, VA 20191 • ThreatQ.com • [email protected] • Sales and General Inquiries: +1 703 574-9885
Copyright © 2017, ThreatQuotient, Inc. All Rights Reserved. TQ_ThreatQ-Overview_Rev2