ThreatQuotient has announced Version 6 of its ThreatQ Platform. It is a major upgrade with over 30 new enhancements, innovations and modules. The company says it will enable customers to scale their security operations and collaborate better.
Leon Ward, Vice President of Product Management, ThreatQuotient, said, “Organizations have never experienced the volume and impact of attacks that they’ve witnessed in recent quarters, but on the positive side, defenders collectively have never had so much hands-on experience in responding to those same incidents.
“Through collaboration and sharing, defenses can be scaled so others are able to respond faster and more accurately, which is what we aim to do through the enhancements that we have built into the ThreatQ Platform. Sharing of key intelligence at scale with third parties has never been easier through the new integrated TAXII server included in ThreatQ Data Exchange.”
Making intelligence sharing easy
Collaborating and sharing threat intelligence is essential when it comes to managing the scale of attacks today. The ThreatQ platform is built on workflow management and data-driven automation. It allows teams to automate tasks, giving them more time to deal with incidents.
The platform supports STIX 2.1/TAXII to allow for intelligence sharing and analysis. It also has several new integrations with other intelligence products. ThreatQuotient says it has seen the number of available workflow actions double in the last 12 months.
Security teams have access to a natural process language called ThreatQ ACE. In addition to speeding up queries, ThreatQ ACE automatically identifies Indicators of Compromise, malware and other threat indicators from unstructured data. It provides that data to security teams.
ThreatQuotient has integrated several GenAI tools, including ChatGPT, for contextual information gathering. This also allows security teams to create plain language descriptions of threats. One of the biggest challenges in threat intelligence is explaining the threat to the largest possible audience.
There are now over 450 integrations with ThreatQ. Customers can add integrations through an online marketplace. In addition, they can use the ThreatQ API to integrate with other tools to further expand access to threat intelligence.
The biggest challenge for customers will be choosing which integration to use. As their requirements change over time, they will want to be sure they can switch integrations in and out.
However, ThreatQuotient will also need to ensure it polices the marketplace properly. Outdated and unsupported integrations will need to be deprecated, and customers helped to switch to better options. This is a non-trivial task that will take time and resources to solve. At present, the marketplace seems to be unregulated and uncontrolled.
Enterprise Times: What does this mean?
Threat intelligence sharing is critical if organisations are to defend against cyber-attacks. While cybercriminals have well-established collaboration and sharing techniques, defenders are often left behind. ThreatQuotient believes that ThreatQ gives defenders a greater chance of success.
450 integrations is a great selling point for ThreatQ, provided, as mentioned above, that ThreatQuotient puts the right policies in place. Another key part of this announcement is the workflow automation and the ability to search through data streams for new threats.