ThreatQuotient, Inc. - Experts & Thought Leaders
Latest ThreatQuotient, Inc. news & announcements
On the heels of a strong 2022 that resulted in multiple company growth records, ThreatQuotient™ is pleased to announce that the ThreatQ Platform was selected by Sysdig to help improve the Sysdig Threat Research Team’s detection rules and reporting as the volume of threat data and the number of sources continue to grow.

Real-time threat detection

As a cloud and container security company with customers in more than 40 countries, Sysdig stops attacks with no wasted time. With Sysdig, teams can detect threats in real-time using machine learning, curated rules, and policies implemented by the Sysdig Threat Research Team. Sysdig’s deep runtime insight helps companies improve their security posture by focusing on the vulnerabilities, misconfigurations, and compliance gaps that create the greatest risk.

ThreatQ Platform

After evaluating multiple security operations platform providers, Sysdig determined that the ThreatQ Platform with the DataLinq Engine met key criteria. It also delivered additional valuable capabilities, including effective threat intelligence management with support for different feeds, expiration of threat data, prioritisation of indicators, API-based integration, ease of export, and flexibility to adapt to the unique requirements of the cloud.

Use-case-driven approach

“Our use-case-driven approach to the evaluation process pointed us to the ThreatQ Platform to help us achieve our goals and demonstrate value back to the organisation quickly,” said Michael Clark, Director of Threat Research at Sysdig. “With the ThreatQ Platform, we can scale our threat research capabilities now and in the future.
Whether that’s bringing in additional sources of intelligence, adding rules, or the addition of ThreatQ Data Exchange to share data across different teams.”

Benefits

As a result of using the ThreatQ Platform, Sysdig’s threat research team gains the following benefits:

Additional context-rich detection rules: Threat detection rules can be created and fine-tuned faster with data from an expanded number of sources enriched with more context, resulting in better detections for customers. This is particularly important given the current geopolitical climate and rapidly evolving threat landscape.

Time saved for the Threat Research Team: The ThreatQ Platform automates tasks including data aggregation, deduplication, and normalisation. Additionally, based on parameters set by Sysdig Threat Research Team, the platform also automates enrichment, scoring, prioritisation, and expiration, which saves time and reduces noise.

Simplified and enhanced threat intelligence reporting: Visualisations make it easier for the team to analyse and report on what they see and share their intelligence with the broader security community with compelling graphics.

Flexible and extensible architecture

“Technology vendors and experienced software developers naturally consider build versus buy when exploring solutions for their security operations needs. Time and time again, we see the ThreatQ Platform’s flexible and extensible architecture stand out as an important factor for facilitating maximum control, efficiency, and speed,” said John Czupak, President and CEO, ThreatQuotient. “I am also proud that the expertise and responsiveness of ThreatQuotient’s team shine through during evaluation periods and beyond as a significant factor for selection.
As a business, we have our sights set on new goals for 2023 after a successful 2022, which included the largest deals in company history and a variety of industry award wins that reinforce ThreatQuotient’s position as a market leader in security operations.”

ThreatQuotient

ThreatQuotient performed extremely well in 2022, delivering the largest bookings year in company history, highlighted by 100% growth in the MENA region and customer expansion to a total of 34 countries. ThreatQuotient further delivered on its platform vision to include the ThreatQ TDR Orchestrator module. This resulted in record sales in just two quarters of general availability. ThreatQuotient was also recognised for a company culture of excellence as a 2022 Top Place to Work by the Washington Post, as well as for technology innovation as a finalist in the 2022 CRN Tech Innovators programme and Expert Insights’ 100 Innovative Cybersecurity Companies list.

ThreatQuotient™, a security operations platform innovator, announces enhancements to their professional services offering, including new Assessment and Consulting Services. First launched in 2017, ThreatQuotient’s global Professional Services team has continuously evolved to meet and exceed the changing needs of organisations at all levels of security operations and threat intelligence maturity. By providing the core capabilities to assess, design and build a threat-centric security operations function, ThreatQuotient is enabling organisations to transition from traditional signature-based monitoring, detection and response to an external, threat-focused program.

Threat intelligence and operational cybersecurity

“At ThreatQuotient, we know building a security operations program is hard, and building one that is threat-centric is even more difficult. Our team is here to help at every stage – from assessing whether a company will get value out of a threat intelligence program, all the way to helping the most mature and sophisticated teams diversify their use cases,” said Jonathan Couch, SVP Strategy, ThreatQuotient. “With over 50 years of combined commercial and government threat intelligence and operational cybersecurity experience on the services leadership team, we are uniquely qualified and positioned to tailor solutions that meet the distinct needs and demands of an organisation’s security operations.”

In addition to the current services of implementation, training and development, ThreatQuotient now offers consulting services that range from an initial assessment of current threat intelligence capabilities, to more in-depth and long-term process development.

Threat hunting and vulnerability management

The ultimate goal is to mature a program to the point that a team can confidently address specific use cases like spearphishing, threat hunting and vulnerability management.
ThreatQuotient’s services can educate new cyber intelligence teams, refocus teams onto specific classes of threats, and operationalise an intelligence practice. ThreatQuotient’s Professional Services also guide the development of a strategic plan, which embeds threat intelligence within all functions of security operations, by taking into account stakeholder analyses, risk identification and a one-to-three-year growth plan. In addition, ThreatQuotient enables security executives to leverage the application of global threat intelligence to communicate effectively with their business leadership.

Creating automated workflows

ThreatQuotient will help organisations seamlessly deploy the ThreatQ platform into their ecosystem; however, companies do not have to be users of the platform to take advantage of ThreatQuotient’s services to mature their operations and learn how to implement threat intelligence. ThreatQuotient’s experts can provide additional support to create automated workflows, develop and/or map attributes against data sets or feeds, auto-enrich indicator sets, or provide specific deployment actions against intelligence. For example, since first integrating with MITRE ATT&CK in early 2018, ThreatQuotient has helped customers adopt and integrate the framework into their workflows to achieve a holistic view of their organisation’s specific attack vectors and what needs to be done to effectively mitigate those attacks and defend against adversaries.

Cyber risk management programs

“ThreatQuotient’s services team uses best practices for threat intelligence and training to consult on applying the right processes and workflows, accelerating detection and response, and integrating ThreatQ with each enterprise’s unique ecosystem of pre-existing technologies to extend the architecture of their security operations,” said Anthony Perridge, VP International, ThreatQuotient.
“With our new assessment service, ThreatQuotient extends to help organisations that are new to threat intelligence answer an important but difficult question – are we ready to get value from a cyber threat intelligence program? If they are not, we can work to get them ready and help set up the people, processes, and technologies necessary to integrate intelligence into security operations and cyber risk management programs.”

How does one improve an already mature and reliable offering? For Airbus Cybersecurity, the answer was to enrich the threat intelligence service it had been offering customers since 2011 with contextual information at scale. “Since 2011, our threat intelligence service has worked very closely with our incident response teams. Among other things, this has allowed us to be very relevant and responsive when it comes to tracking attackers,” explains Julien Menissez, Product Manager for Managed Services in Europe at Airbus Cybersecurity.

Other indicators of compromise

This proximity has paid off, enabling the service to better contextualise alerts that would otherwise remain purely technical, such as lists of IP addresses and other indicators of compromise (IoCs). Technical alerts are effective in blocking specific attacks, often in an automated way. However, when they are enriched with relevant, contextual information they can become real decision-making tools allowing security analysts to answer questions, such as: What do we know about the attacker’s current targets and campaigns? Are we a potential target for this group in particular?

In theory this is attractive, but to deliver this in practice Airbus Cybersecurity needed to be equipped to offer a robust, industry-ready service. “In 2015, we decided to create a dissemination offering that would allow customers operating their own SOC to benefit from this increased information. We first worked with flat files, and then we deployed MISP interfaces for our customers,” continues Julien.

Malware Information Sharing Platform

MISP (Malware Information Sharing Platform) is a must in the world of threat intelligence. Available as a free solution, MISP facilitates the sharing of IoCs between researchers. But before IoCs can be shared, they must be acquired and consolidated. This is where things get complicated.
Julien recalls, “MISP is very good for dissemination, but ingestion is not simple! We were forced to use many other open source tools in parallel, requiring a lot of scripting and manual operations before delivering the information to our customers, while remaining within the timeframes allowed by our SLAs.” The dissemination service became so successful that the load on the Airbus Threat Intelligence team increased dramatically. As customers demanded more and more context and richer information, beyond what MISP can do with its tagging and commenting functionalities, it quickly became clear that a manual approach could not be scaled up.

Fewer technical manipulations

The Airbus Cybersecurity team then decided to research a new “cyber-intelligence back office” -- a tool capable of natively managing concepts such as the freshness of information, reliability, context, and related data. “We quickly saw in ThreatQuotient the vendor best suited to our needs. We shared the same vocabulary (coming from the defence sector). The ThreatQ platform met our criteria, and the technical level of the ThreatQuotient subject matter experts was excellent,” explains Julien.

The deployment of ThreatQ allows Airbus Cybersecurity to meet their goals. “We can now deliver the same service and the same knowledge, with the same quality as before, but much more quickly and with far fewer technical manipulations,” details Julien. “And, obviously, it’s our customers who benefit. Airbus has gone from weekly information delivery to continuous information delivery.”

Threat intelligence feeds

Better still, for slightly more mature customers, who do not yet operate their own SOC, but still have an internal CSIRT team, the Airbus team can now offer an optional tool capable of helping them capitalise on their knowledge.
The knowledge acquired during the customer’s internal investigations is seamlessly integrated into the ThreatQ platform to enrich the information delivered back to the customer via the Airbus service. The ThreatQ platform is completely complementary to an existing MISP solution, allowing the customer to build up their own knowledge base adapted to their context. Customers also have the freedom to change their threat intelligence feeds and sources at any time, since they will keep all of their data within the ThreatQ Threat Library and therefore all the knowledge acquired by their CSIRT.

Better responsiveness in times of crisis

The ThreatQuotient solution allows Airbus Cybersecurity analysts to respond better and faster to customer requests. “Most SOCs work with a workflow system to investigate IoCs collected during an incident. It is often a manual process but since the ThreatQ platform can be integrated with a SIEM to do the research and automatically identify patterns and linkages and how to pivot from a given IoC, we have even been able to reduce our response time to our customers,” says Julien. “And obviously, in an incident, quickly identifying the pivots and monitoring malicious activities as closely as possible is a major advantage.” Julien adds, “ThreatQ allows us to offer a richer threat intelligence service, with more context, but also faster. We are now able to continuously deliver cyber intelligence flows tailored to the needs of our customers.”

Strategic approach to mitigate risk

Finally, the choice of the ThreatQuotient solution allowed Airbus Cybersecurity to refine the information delivered to customers in order to better manage their security posture. The ThreatQ platform makes it possible to automatically “package” the most relevant flows according to the exposure of the client to specific risks, and thus take a strategic approach to mitigate risk.