ThreatQuotient™
SST is a Channel Partner and VAR for ThreatQuotient. ThreatQuotient (ThreatQ) is a threat intelligence platform that improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQ’s data-driven security operations platform helps teams prioritize, automate and collaborate on security incidents; enables more focused decision making; and maximizes limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. www.threatquotient.com
ThreatQ’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability prioritization, and can also serve as a threat intelligence platform. ThreatQ is headquartered in Northern Virginia with international operations based out of Europe and APAC. ThreatQ serves as an open and extensible threat intelligence platform that allows clients to automate the intelligence lifecycle, quickly understand threats, make better decisions and accelerate detection and response.
“ThreatQuotient’s ThreatQ platform seamlessly integrates with its customers’ existing technologies and tools, which allows ThreatQ to quickly self-adjust its threat library based on customer requirements. This makes ThreatQ the perfect platform for customers wishing to monitor and block threats despite any changing business circumstance. The integrated, self-tuning Threat Library, Adaptive Workbench, ThreatQ Investigations and Open Exchange allow clients to quickly understand threats, make better decisions and accelerate detection and response.
HOW THREATQ WORKS:
DATALINQ ENGINE™
Combine Threat Data from Any Source, Internal and External
Connecting disparate systems and sources, this adaptive data engine imports and aggregates external and internal data; curates and analyzes data for decision making and action; and exports the right intelligence to the right tools at the right time to accelerate threat detection and response.
- INGEST and aggregate structured and unstructured data via Marketplace apps, open API
- NORMALIZE automatically from different sources, formats and languages
- CORRELATE across atomic pieces of data to identify relationships, provide a unified view
- PRIORITIZE via customer-controlled, dynamic scoring to ensure relevance and filter noise
- TRANSLATE data into the format and language necessary for consumption across systems
THREAT LIBRARY
Shared Contextual Intelligence
Using ThreatQ as a threat intelligence platform equips clients with a threat library that automatically scores and prioritizes intelligence based on parameters you set. Prioritization is calculated across many sources, both external and internal, to deliver a single source of truth using aggregated context. This removes noise, reduces false positives and enables users to focus on the data that really matters.
- Extensible Data Model
- Consolidated view, unified opinion
- Automatically prioritize based on all sources
- Custom enrichment source for existing systems
- Define Smart Collections for workflows and automation
THREATQ INVESTIGATIONS
As the industry’s first cybersecurity situation room, ThreatQ Investigations removes the collaboration and coordination inefficiencies that exist across security operations to accelerate detection and response. It streamlines investigations and improves active collaboration among and across teams. Team leaders can direct actions, assign tasks and see the results unfold in near real time.
- Fuse together threat data, actions, and users
- Combine automation and human intelligence
- Accelerate investigation, understanding and response to threats
- Build incident, adversary and campaign timelines
- Drive down mean time to detect (MTTD) and mean time to respond (MTTR)
MARKETPLACE
An open and extensible architecture gives our clients a robust ecosystem. This allows our clients to get more from existing security investments by integrating tools, teams and workflows through standard interfaces and an SDK/API for customization.
- Bring your own connectors and tools
- SDK / API for customization
- Standard STIX/TAXII support
Improve the efficiency and effectiveness of existing security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. The platform starts with getting data in different formats and languages from different vendors and systems to work together. From there, it focuses on getting the right data to the right systems and teams at the right time to make security operations more data driven, efficient and effective. Below is the diagram for the ThreatQ platform.