The ThreatQuotient Blog
EXPERTS SHARING THEIR CYBER THREAT INTELLIGENCE INSIGHTS AND EXPERIENCES
One of These Things Is Not Like the Other – Defending Against Homograph Attacks
With ThreatQ and just a few simple steps you can more effectively detect and defend against the surge in homograph attacks.
Using Threat Intelligence to Defend Against 0day Vulnerabilities
As a security professional, I am always amused by the reaction to 0day announcements. On one hand, there is always a strong interest in technically understanding the vulnerability and how it is exploited.
Ransomware – The Non-Technical But Fascinating Ripple
One of the silver-lining effects of a global cyber scare such as WannaCry ransomware is the trigger to catch up with friends to discuss fact vs. fiction of the threat research and other ‘bigger picture’ observations.
Buy vs. Build: Tales from the Trenches
In mid-2010 I was running a large Defense contractor SOC and was forced to build what’s currently known as a threat intelligence platform (TIP).
It’s Time to Think Differently about Threat Operations
Can you really “manage” threats? Is that even a worthwhile goal? And how do you define a threat?
The Watchlist: Collaborating to Build Better Adversary Dossiers Faster
Have you ever wanted to be alerted about new information related to the TTP of an adversary? Well, now that’s possible!
Leveraging ThreatQ and AutoFocus to Combat Ransomware
In this post, we will look at “AutoFocus,” which gives access to Palo Alto’s Wildfire data and, when used with ThreatQ, allows you to more effectively and efficiently combat ransomware.
Preparing for FS-ISAC Annual Summit: Financial Threat Actors are on the Rise
As financial institutions continue to fall prey to large cyber attacks, it is extremely critical that they equip their security teams with the appropriate tools.
Recorded Future Custom Connector updates for ThreatQ
We have made significant changes to ThreatQ’s Recorded Future Custom Connector to support Recorded Future’s new API changes and additional risk lists.
Product Methodology: Operations vs. Sharing
During the time when we were designing the initial phases of our threat intelligence platform (TIP), we determined that there were some important core principles that should drive how we built the product.
Referral Partner Program
In today’s fast-paced security landscape, customers are doing their best to keep their infrastructure secure from the latest breaches and threats.
Blanket Deployment of Intelligence is Counterproductive
The ThreatQ platform offers a two-step resolution through our new scoring feature. It starts by properly scoring intelligence for your environment, which I’ve discussed in detail in multiple blogs and in a new whitepaper.
Come See ThreatQuotient Next Week at SANS THIR
Take some time to swing by the exhibitor’s hall to visit our booth and to hear how ThreatQ, our Threat Intelligence Platform (TIP), can help your security team collaborate together efficiently…
To Optimize Threat Operations, Start with Customized Scoring
You need a way to quickly re-score providers’ intelligence – aligning it to your own risk posture and prioritizing it based on threats specific to your environment – so you get the maximum benefit from threat intelligence.
Project Honey Maid: Using ThreatQ to Research NoSQL Ransomware Attacks
Over the next few weeks, we will investigate just how rampant these types of attacks are, how we utilize the ThreatQ platform to house our research and utilize Operations for investigation and enrichment.
Bridging the Gap: Come See the ThreatQuotient Team at SINET ITSEF 2017
If you’d like to chat with our team of experts about how your organization can use CTI and a TIP to maximize current security investments, come see us at SINET ITSEF 2017!
How to Use ThreatQ to Defend Against Ransomware
Ransomware is still a major money maker for cyber criminals and victims are all over the board, ranging from individuals to major corporations.
How to Leverage the ThreatQ Threat Library Using Carbon Black
Using the Exports section of ThreatQ, analysts are able to make data available to the team or tool that needs to consume the critical threat data using the Carbon Black integration.