Feature Briefs

ThreatQuotient Integration

Issue link: https://learn-umbrella.cisco.com/i/718755


Enforce threat intelligence globally

Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network's perimeter where you have deployed security appliances. Unlike appliances, Umbrella enforces threat intelligence globally using the Umbrella global network. While many new endpoint detection and response (EDR) agents only detect IOCs, Umbrella blocks advanced attacks before data breaches or new malware infections happen. Plus, many of these EDR agents still rely on VPN agents to receive updates when the device is off the network. Not with Umbrella, because all security enforcement and intelligence is in the cloud.

Programmatically enrich this intelligence for better correlation

Additionally, Cisco Umbrella Investigate has an API that can be used to enrich your local threat intelligence with our real-time, internet-wide context about suspicious domains, IPs, ASNs, and malware files. Using the Investigate API, you can automatically add our risk scores and other information to your existing IOCs and security event data — helping to quickly surface high impact security incidents and provide more intelligence for security analysts and incident responders.

"The ThreatQ-Cisco Umbrella partnership and integration allows customers to take advantage of their intelligence by making more informed deployment decisions based on supporting context and IOC scoring recommendations. This is a game-changer for many companies that do not have the resources to chase every IOC that makes it into a blacklist."
Ryan Trost, CIO and Co-Founder

About ThreatQuotient

Headquartered in Northern Virginia and founded in 2013, ThreatQuotient provides ThreatQ, a Threat Intelligence Platform (TIP) that automates, manages, and operationalizes critical threat intelligence, enabling security teams to collaborate and make more informed decisions regarding their security posture. ThreatQ is a cornerstone platform for threat intelligence providing security teams with much-needed contextual information regarding indicators of compromise (IOC), attack tracking and adversary activity. For more information, please visit: http://www.threatq.com/.

Investigate offers direct access to predictive intelligence generated by our statistical models via 80B+ daily DNS queries & BGP data. Umbrella enforces both your IOCs and our predictive intelligence via the Umbrella global network of 25 data centers with 100% uptime. Customers simply point DNS at us to block malware, botnets/C2 & phishing over any port, protocol, or app.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
