ThreatQ Investigations Accelerates Security Operations through Threat Understanding, Collaborative Analysis and Coordinated Response
The industry is constantly driving to reduce MTTD (mean time to detection) and MTTR (mean time to respond) through automation. However, acting fast alone is not enough; the key is ensuring that the right actions are taken faster than ever before. While it is now possible for organisations to prioritise and contextualise millions of threat data points, it is still difficult to work out which information is most relevant and determine the appropriate response. Taking action requires individuals and teams working collaboratively to analyse and understand a threat, incident or situation before they can coordinate and automate their response with confidence and reliability. Quickly developing this shared understanding of a situation has been a considerable challenge. ThreatQ Investigations answers this challenge by providing a single visual representation of the complete situation at hand, including what actions were taken, by whom and when.
“With different analysts and teams all working on parallel tasks, it is not uncommon to overlook key commonalities that exist. With ThreatQ Investigations, everyone taking part in an investigation is automatically able to see how the actions of others impact and further extend their own work,” said Leon Ward, VP of Product Management, ThreatQuotient. “ThreatQ Investigations fuses together threat data, evidence, users and actions into a single, shared environment. This unique interface drives collaboration between all parties involved in the investigation process.”
The dispersed nature of today’s security teams compounds the problem. ThreatQ Investigations streamlines global collaboration while also giving individuals the freedom to test theories prior to sharing with the group to ensure accuracy and relevance. Both those in technical roles performing analysis, and the decision-makers relying on the outcomes, will benefit from ThreatQ Investigations. Incident handlers, malware researchers, SOC analysts and investigation leads will all gain more control, be able to take the right steps at the right time and accelerate overall security operations.
“Like many organisations, NTT Security is continuously working on new and improved ways to enhance the collection of data from various sources, correlating and analysing that data with NTT Security’s own threat intelligence, and then using it to proactively protect against the real-world threats we face every day,” said Jeremy Scott, Director, Global Threat Research, Global Threat Intelligence Center (GTIC), NTT Security. “ThreatQ Investigations enables our team to not only collaborate, coordinate and document investigations, but visually pivot through vast amounts of data to increase the effectiveness of our team and our analysis processes, ultimately providing stronger detections and threat intelligence for our customers.”
ThreatQ Investigations leverages the existing capabilities provided by the ThreatQ platform and allows for the capturing, learning and sharing of knowledge. Use cases for ThreatQ Investigations include: anticipation situations that accelerate understanding of emerging threats to update defence posture proactively; response situations that enable the right responses to be determined and acted upon faster than previously possible; and retrospective analysis to learn what can be improved in the future.
Starting 16th April, ThreatQuotient will be exhibiting at the 2018 RSA Conference in San Francisco. Attendees can preview ThreatQ Investigations on the show floor at Booth 2601 in Moscone Hall South until 20th April. For more information about ThreatQuotient’s participation at RSA, or to schedule an in-person meeting, visit http://lp.threatq.com/TQ-at-RSA-USA-2018.html. ThreatQ Investigations will be generally available in late May 2018.
ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, and cybersecurity situation room solution, ThreatQ Investigations, empower security teams with the context, customisation and prioritisation needed to make better decisions, accelerate detection and response, and advance team collaboration. Leading global companies use ThreatQuotient solutions as the cornerstone of their security operations and threat management system. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe and APAC. For more information, visit https://threatquotient.com.