Feature Briefs

ThreatQuotient Integration

Issue link: https://learn-umbrella.cisco.com/i/718755

Contents of this Issue


Page 0 of 1

3rd party threat intelligence Local threat detection Umbrella Enforcement Blocks and/or logs internet activity attributed to these domains or IOCs. Investigate Intelligence Access our threat intelligence about domains, IPs, ASNs, •le hashes, and more. many more IOCs FW/ IPs Gate- ways Sand- box IOCs Post domains Get context on domains or IPs Threat intel platform For the first time, you can prevent — not only detect — threats both on and off the corporate network using an API with a cloud-delivered network security service. Together, Cisco Umbrella and ThreatQuotient give you the power to curate, correlate, and take immediate action on your threat intelligence. Programmatically operationalize your threat intelligence Enterprises with dedicated security operation teams struggle to operationalize multiple sources of indicators of compromise (IOCs). While your SIEM can centralize IOCs in one place, it was not built for this task. And building your own custom in-house systems require skillsets in short supply and takes months or years to complete. ThreatQuotient's Threat Intelligence Platform (TIP) — ThreatQ — removes all of these manual burdens. Programmatically take immediate action on this intelligence As intelligence is aggregated and analyzed in a TIP, the final step is to take action on it. Cisco Umbrella is one of ThreatQuotient's integration partners that enables you to complete the threat intelligence lifecycle without manually configuring appliance or agent-based defenses. By leveraging the Umbrella API, ThreatQ will automatically add malicious domains to our cloud security platform. By enforcing security at the DNS layer, Umbrella uses the internet's existing infrastructure to keep malware, phishing, and command & control callbacks (C2) from compromising systems and exfiltrating data over any port, protocol, or app. Blocking internet activity attributed to your domains on any device — on or off the network — reduces the time between detection and prevention to seconds. " By year-end 2018, 50% of Type A organizations and managed security service providers will use a TIP to consume, act upon and disperse MRTI, up from fewer than 5% today." Craig Lawson and Rob McMillan Technology Overview for Threat Intelligence Platforms © 2016 Cisco and/or its affiliates. All rights reserved. Integration between Cisco Umbrella & ThreatQuotient. Immediately convert your threat intelligence into global threat prevention. F E AT U R E B R I E F Curate & correlate Take immediate action

Articles in this issue

view archives of Feature Briefs - ThreatQuotient Integration