
Upload: vomien

Post on 15-May-2018


ThreatQ™

THREAT INTELLIGENCE PLATFORM

EMPOWER THE HUMAN ELEMENT OF CYBERSECURITY

Strengthen your security posture with a threat intelligence platform designed to enable threat operations and management and arm your analysts with the intelligence, controls and automation required to protect your business, employees and customers.

PRODUCT BRIEF

IMPROVE SITUATIONAL UNDERSTANDING

ACCELERATE DETECTION AND RESPONSE

MAXIMIZE EXISTING SECURITY INVESTMENTS

ADVANCE TEAM COLLABORATION

Introducing the industry’s first threat intelligence platform (TIP) designed to enable threat operations and management. ThreatQ is the only solution with an integrated Threat Library™, Adaptive Workbench™ and Open Exchange™ that help you to act upon the most relevant threats facing your organization and to get more out of your existing security infrastructure.


Not All Intelligence Is Created Equal. ThreatQ accelerates the transformation of threat data into actionable threat intelligence by giving defenders unmatched control through a Threat Library, an Adaptive Workbench and an Open Exchange, to ensure that intelligence is accurate, relevant and timely to their business. With ThreatQ, users get more out of security resources: people and infrastructure.

TAILOR INTELLIGENCE TO YOUR SPECIFIC ENVIRONMENT

ACCURATE RELEVANT TIMELY

USERS WHO BENEFIT

From the board room to the SOC, executives and analysts alike can benefit from a threat operations and management program. Learn how ThreatQ provides solutions to users across the organization.

CISO

SECURITY OPERATIONS

INTELLIGENCE TEAM

INCIDENT RESPONSE

EXECUTIVE MANAGEMENT

VULNERABILITY MANAGEMENT

RISK MANAGEMENT

THREAT LIBRARY

Central repository of relevant and contextual intelligence customized for your unique environment.
• Self-tuning
• Structured and unstructured data import
• Context from external + internal data
• Custom enrichment source for existing systems

ADAPTIVE WORKBENCH

Customize the intelligence life cycle for proactive detection and response.
• Automated, customer-defined prioritization
• Unified opinion across all sources
• Push-button operations
• User-specific watch list widget

OPEN EXCHANGE

Open and extensible architecture enables a robust ecosystem.
• Bring your own connectors and tools
• SDK / API for customization
• Standard STIX/TAXII support


Given vast amounts of contextualized threat data from internal and external sources, the challenge is to make sure that it is accurate, relevant to your business, and timely enough to take meaningful action upon it.

THREE KEY PILLARS TO DELIVER THREAT OPERATIONS AND MANAGEMENT


LEADING USE CASES POWERED BY THREATQ

[Figure: ThreatQ™ diagram. Labels: Threat Data (Commercial, Government, Open Source, Private, Internal, Academic); Unstructured (E-Mail, Documents, Sneaker-Net); Sharing; Communities (Industry, Government, Peers); Ticketing; Sensor Grid; SIEM; Log Repository; Threat Library™; Adaptive Workbench™; Open Exchange™; Predict, Prevent, Detect, Respond, Share.]

THREAT OPERATIONS AND MANAGEMENT

OPERATIONALIZE CYBER THREAT INTELLIGENCE ACROSS YOUR ORGANIZATION

HOW IT WORKS

The most important part of your threat operations and management framework is the tool that brings it all together. ThreatQ delivers the first open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.

THREAT DATA AGGREGATION

Combine, normalize and contextualize threat data from both external and internal sources into a single, customized Threat Library to be used by teams across the organization.

THREAT DATA → OPERATIONAL INTELLIGENCE

Turn threat data into threat intelligence through context and automatically prioritize based on user-defined scoring and relevance.

SPEARPHISHING

Investigate spearphishing attacks and track over time using the data to improve your defensive posture.

INTELLIGENCE PIVOTING

Utilize campaign, malware and indicator knowledge to identify related attacks and adversaries that may affect your operations.

BREACH INVESTIGATION

Support scoping and remediation by correlating artifacts of an investigation with a Threat Library of related indicators and context.

THREAT HUNTING

Empower your teams to proactively search for malicious activity that has not yet been identified by your sensor grid.

IMPROVE INCIDENT RESPONSE

Global visibility to adversary tactics, techniques and procedures improves remediation quality, coverage and speed.

STRENGTHEN SENSOR GRID

Make firewall, IDS, IPS, SIEM and other devices smarter with the most accurate and relevant threat data.

AUTOMATION AND ORCHESTRATION

Provide threat intelligence to emerging security automation and orchestration tools.

SECURITY OPERATIONS ROI

Retrospectively evaluate your intelligence sources’ value, versus the relevance of their information to incidents you experience.

OPEN EXCHANGE INTEGRATIONS

• Abuse.ch
• Alien Vault
• ArcSight
• Bambenek Consulting
• Bandura
• Best Practical
• Blocklist.de
• BlueLiv
• Blutmagie.de
• Booz Allen Hamilton
• Bro IDS
• Carbon Black
• Cisco AMP Threat Grid
• Cisco Umbrella
• CrowdStrike
• Cybercrime Tracker
• Cybersponse
• Dan.me.uk
• Digital Shadows
• Domaintools
• Dshield (Internet Storm Center)
• Emerging Threats
• Farsight Security
• Fidelis
• FireEye
• Financial Services
• Flashpoint
• Guidance Software
• IBM Resilient
• iDefense
• Intel471
• iSight Partners
• LogRhythm
• Malc0de
• Malware Domain List
• McAfee
• The Media Trust
• MISP Threat Sharing
• Multiproxy.org
• NH-ISAC
• Nothink.org
• PaloAlto Networks
• PhantomCyber
• PhishMe
• Qualys
• R-CISC
• QRadar
• Recorded Future
• Request Tracker
• Reservoir Labs
• RISIQ
• RSA Ready
• RSA Netwitness
• SANS
• SNORT
• Soltra
• Sourcefire
• Spamhaus
• Splunk
• StealthWatch
• Symantec
• Tenable
• Threat Recon
• Threat Analyzer
• ThreatBase
• VirusTotal
• VXVault
• WAPACK Labs
• Wildfire

TECHNICAL SPECIFICATIONS

DATA IMPORT FORMATS
• Structured & Unstructured
• STIX/TAXII
• OpenIOC
• Snort
• Suricata JSON
• CSV
• PDF
• EMAIL: EML, EMLX, MSG

ANALYSIS TOOLS
• Intelligence Dashboards
• Spearphish Processing
• Signature Management
• Push-button Operations
• Custom Enrichment Tool Integrations
• Adversary Tracking
• Custom Attributes and Tags
• Custom Workflow and Status
• Object Relationships
• Intelligence Exports

THREAT DATA SOURCES
• Industry Consortiums
• Government Agencies
• Commercial Providers
• Open Source (OSINT)
• Custom & Local

DEPLOYMENT MODES
• On-premise and Cloud
• OVA
• Customer-provided Hardware
• Dedicated Appliance

THREATQ SOLUTION ARCHITECTURE

[Figure: ThreatQ solution architecture. Labels: Ticketing System; SIEM; Detection Solutions; Malware Specimens; Indicator Sightings; Threat / Adversary Context and Enrichment; Logs / Alerts; Distribute Indicators / Signatures; Malware Analysis / Sandbox; Export Indicators for Sharing; Log Repository; Incoming Feeds; Events Are Escalated; Incident Information and Annotations.]


ABOUT THREATQUOTIENT™

ThreatQuotient understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers defenders to ensure the right threat intelligence is utilized within the right tools, at the right time. Leading global companies are using ThreatQ as the cornerstone of their threat intelligence operations and management system, increasing security effectiveness and efficiency.

11400 Commerce Park Drive, Suite 200, Reston, VA 20191 • ThreatQ.com [email protected] • Sales and General Inquiries: +1 703 574-9885

For additional information, please visit threatq.com.

Copyright © 2017, ThreatQuotient, Inc. All Rights Reserved. TQ_ThreatQ-Overview_Rev2