ThreatQuotient Launches in Bid to Improve Threat Intelligence
The company's ThreatQ pushes threat intelligence to an organization's existing tools to make faster use of data to secure an enterprise.At the Black Hat USA 2014 conference, Ryan Trost spoke about the challenges and opportunities of building a threat intelligence library from multiple sources. Trost is the co-founder and CIO of ThreatQuotient, which officially launched on June 3, turning part of the strategy that was discussed at Black Hat into a real product, ThreatQ. The goal of ThreatQuotient, according to Trost, is enable an organization to manipulate and understand threat intelligence data from any number of different sources. The idea of being able to handle and understand multiple forms of threat data is not a new one and is being chased by a number of vendors, including ThreatStream. "What differentiates us from others in the market is the fact that we're completely on-premises," Trost told eWEEK. "We're a middleware platform for threat intelligence." From a core technology perspective, Trost explained that ThreatQ includes a number of Python language-based connectors that reach out to different threat intelligence source APIs to pull data in. In addition, the data can be enriched by ThreatQ for additional context.
Trost said a traditional Security Information and Event Management (SIEM) platform is limited in that it is only correlating alerts. "If a malicious attack isn't enough to trigger an alert, the threat intelligence in the SIEM isn't doing anything," he said.