sb-au logo
Story image

ThreatQuotient & Infoblox integrate threat intelligence capabilities

17 Nov 2020

ThreatQuotient and Infoblox have announced an integration that provides more contextual data to threat response actions as flagged by ThreatQuotient’s threat intelligence platform.

Infoblox’s BloxOne Threat Defense provides DNS security as either an on-premise, cloud-based, or hybrid SaaS solution. The solution uses 45 million threat indicators to detect threats and facilitate incident response.

ThreatQuotient ThreatQ threat intelligence platform can now leverage this data to automate the majority of manual tasks and leverage existing security resources, including people and infrastructure.

By activating cyber intelligence in Infoblox DNS and importing Infoblox Threat Intelligence Data Exchange (TIDE) into ThreatQ, organisations are equipped to create responses to emerging threat vectors.

“ThreatQuotient provides defenders with the context, customisation and collaboration needed for efficient threat operations and management. From discovery, configuration and compliance, Infoblox is helping to automate and simplify network and security processes,” explains ThreatQuotient director of alliances, Haig Colter. 

“Together, our integration eases the consumption of threat intelligence from various internal and external sources to ensure that intelligence is accurate, relevant and timely to an organisation’s business.”

Infoblox IP and DNS context integration with ThreatQ supports a variety of use cases, such as:

  • Allowing joint customers to assess, categorise and manage security incidents
  • Removing unnecessary, duplicate and irrelevant indicators before they enter a network
  • Enforcing security by blocking DNS requests to malicious resources (IP addresses and domains)

"Security operations tasks such as monitoring for lookalike domains are extremely time-consuming. Teams leveraging Infoblox and ThreatQ, such as TIP administrators, will gain enhanced visibility into potentially malicious IP addresses and DNS threats,” adds Infoblox director of business development, Dave Barry. 

“Our integration with ThreatQuotient offers customers the tools to further optimise their security posture from the ground up and achieve next-level network security through deeper, more relevant context and automation.”

Recently ThreatQuotient was named in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response (SOAR) Solutions as a Representative Vendor.

The recognition validates the market’s growing need for threat intelligence and security operations, the company states.

ThreatQuotient president and CEO John Czupak says that industry understanding of SOAR is evolving, and is becoming included in threat intelligence and security incident response platforms.

“We believe Gartner’s latest Market Guide for SOAR Solutions validates the growing need for tools that are complementary to an organisation’s arsenal of products and processes already in place. We are committed to continuing to meet the market need for a security operations platform that improves the effectiveness of the SOC.”