Product Brochure

Product Brochure - Anomali › files › ThreatStream-Product-Brochure.pdf · Product Brochure. A n a l y s i s D i s t r i b u t i o n E n t e r p r i s e C o l l a b o r a t io


[Figure 1 diagram labels: Analysis, Distribution, Enterprise, Collaboration, Observable Acquisition, ThreatStream Optic™, Security Operations]

Imagine being able to make sense of all the threat information that’s flowing through your security controls and coming from your threat feeds in minutes, not weeks, months or years. Imagine being able to leverage threat intelligence as an effective part of your operations and incident response. Imagine no more. This is what ThreatStream Optic™ can do for you. ThreatStream Optic is the first threat intelligence platform that manages the entire life-cycle of threat intelligence, from multi-source acquisition to operational integration across the entire eco-system of existing security devices. Optic enables enterprises and government organizations to seamlessly aggregate and analyze threat intelligence and automatically integrate the information into their security infrastructure and controls.

The Problem

Breaches are an unfortunate guarantee in today’s digitally-connected world. Organizations may have the threat intelligence to detect them, but that intelligence usually lives on file servers and on one-off databases, ultimately creating an overload of threat data that requires too much time and resource to process effectively.

The Stakes

Your business! Your organization’s reputation. Your intellectual property. Your customers… Your citizens… And so much more.

The Solution

ThreatStream Optic

Figure 1: ThreatStream manages the entire lifecycle of threat intelligence, from multi-source acquisition to operational integration across the entire eco-system of existing security devices.

ThreatStream Threat Intelligence Platform

ThreatStream Optic™


[Figure 2 diagram labels: Threat Indicator Acquisition; Partners (APP Store); Optic™/Research; Trusted Collaboration; Sandbox; Modern Honey Net; Federal Security]

ThreatStream Optic applies proprietary algorithms to translate raw un-vetted data into actionable intelligence that prioritizes the most critical threats to your organization.

Know what else is great about ThreatStream Optic? The research team that’s got your back.

The ThreatStream Labs team is an extension of your internal threat research or security team, constantly researching new and emerging threats, and then feeding this information and insight into the ThreatStream Optic platform, where you benefit from it in real-time.

Deployment Options:
• Public Cloud
• Private Cloud
• On-Premise

Figure 2: ThreatStream pulls in threat intelligence from many sources, and can add & operationalize additional threat feeds almost instantly.

Create and Manage Trusted Circles to Share Threats and Benefit From The Wisdom of a Community


When has the integration of a new solution – regardless of form factor or deployment model – ever been easy?

Thanks to our focus on ensuring that ThreatStream Optic integrates with your critical security controls, you’re going to know the answer to that question.

ThreatStream is led by security industry visionary Hugh Njemanze, co-founder of ArcSight, the leader in the SIEM market since it was founded in 2000. With many of the original ArcSight team driving the engineering and development of ThreatStream Optic – as well as other leading experts from both the public and private sector with expertise in security information management, operations and response – the platform has been designed and architected from the ground up to meet the needs of large enterprise and government organizations. And to play well with other security products.

Besides SIEM products, ThreatStream Optic has been pre-integrated with leading firewalls, security gateways, IPS/IDS, IAM, analytics, Big Data, systems management, and end point security products. Our integrations provide prescriptive, real-world content so customers can avoid going down the ‘rat hole’ of integration. We take the guesswork out of knowing how threat intelligence should be integrated, and take that burden off your team and your budget.

Easy to Integrate Your Security Infrastructure


[Figure: process comparison; steps are labelled by owning team (Threat Team, OPS Team)]

Legacy Process: 7 steps over 14 days
  1. Threat Intel Collected
  2. Manual Analysis
  3. Data: Pre-Process/Format
  4. Upload to Internal Site
  5. Retrieval of Threat Intel
  6. Manual load to SIEM
  7. Analysis and feedback to Threat Team

ThreatStream Optic™: 2 Steps in minutes
  1. Threat Intel Collected
  2. Push to Optic™

Threat Intelligence Packages (TIPs) are a feature in ThreatStream Optic that allow users to create a report communicating intelligence about an adversary, incident or event. These reports can be linked to indicators, sandbox submissions, and entire imports. ThreatStream Optic also allows for uploading files that are useful to associate with the report.

Once created, users can securely share the TIP within a public, private, or trusted circle. Besides the user-generated TIPs that ThreatStream Optic facilitates, the platform is also rich with TIPs shared across the ThreatStream community.

TIPs enable customers to use a best practice workflow created by threat intelligence experts, and ultimately to enhance the security posture of their organization through deep contextual awareness of actual events.

ThreatStream Optic Link

Using ThreatStream Optic Link to connect our platform to your security infrastructure, you can literally start understanding the most urgent risks to your business in minutes. We help you leverage your existing investment in security by making everything from your firewalls to the SIEM more effective.

Profiling The Adversary


ThreatStream Optic enables users to more easily share threat intelligence by supporting trusted community creation, collaboration and analysis. With the press of a button, ThreatStream Optic users can share threat intelligence in real-time with trusted peers or within any circles of trust they’ve created. And the beauty is, our platform enables you to know exactly WHO is in your trusted circle (or circles) at all times, and it enables you to share only when you want to share. YOU are in the driver’s seat when it comes to sharing. Keep in mind that with the ThreatStream Optic collaboration capabilities, users are essentially taking advantage of an ‘early warning system’ that enables them to anticipate and protect themselves from attack. (READ: It’s always good to share.)

If you need a jump-start on collaborating, you’ll find trusted groups, created by ThreatStream, focused around vertical and event-specific interests, making it easy to find like-minded companies and begin the process of indicator exchange. These vertical specific communities include Power and Energy, Financial Services, Government, Healthcare and Hi-Tech. Many circles have been organically created by users around specific campaigns or even specific adversaries, as well as social exchanges including conferences or interest groups.

Watch Your Threats

ThreatStream is the only threat intelligence platform provider to offer mobile access to its platform from the new Apple Watch or iPhone. Since June 2015, busy security professionals will be able to monitor and take action on alerts with the flick of a wrist, or the touch of a button on their phone!

Create and Manage Trusted Circles to Share Threats and Benefit From the Wisdom of a Community


ThreatStream provides everything you need to operationalize threat intelligence across your security infrastructure. We know the stakes are high, and using ThreatStream Optic, you can protect your organization’s reputation, intellectual property, and your customers’ and employees’ data. Sign up for a Free Trial of ThreatStream Optic at: www.threatstream.com, and follow us on Twitter at @threatstream.

ThreatStream has a groundbreaking partnership with Health Information Trust Alliance (HITRUST), the leader in information risk management supporting the healthcare industry. Through this partnership, HITRUST is offering the HITRUST Cyber Threat XChange (CTX), powered by ThreatStream, a service that streamlines cyber threat information sharing and significantly accelerates detection of and response to cyber threats targeted at the healthcare industry. Now healthcare organizations can easily share indicators of compromise (IOCs) with all other participating organizations. In addition, the ThreatStream platform at the heart of CTX supports the STIX and TAXII formats and incorporates real-time security infrastructure integration.

Learn more at https://hitrustalliance.net/cyber-threat-xchange/


If your organization subscribes to public or private intelligence feeds, ThreatStream Optic has the ability to import those feeds and automatically inject the observables into your security infrastructure via ThreatStream Optic Link.

If you decide you need additional threat feeds, you can visit the ThreatStream APP Store, where you have instant access to a marketplace of premium threat intelligence services. Just click on “Marketplace” from within the ThreatStream Optic dashboard, and you can select services from any one of our existing and growing list of partners.

You can test drive or purchase the threat intelligence services each partner provides, and ThreatStream facilitates the whole process. The new threat information immediately becomes part of the actionable intelligence and operationalized content being provided by the ThreatStream Optic platform.

Easy to Add New Feeds to Increase Your Defenses


2317 Broadway, 3rd Floor, Redwood City, CA 94063 USA
1-844-4-THREATS | [email protected] | www.threatstream.com
Copyright ©2015 ThreatStream. All Rights Reserved. ThreatStream and the ThreatStream logo are registered trademarks of ThreatStream.