Offering Broadest Enterprise Security Infrastructure Integration: ThreatStream

“Established in 2013, ThreatStream runs with a mission to deliver innovative & effective technologies and solutions to address cyber security challenges.”

Taking pride in having the largest number of security integrations, CA headquartered ThreatStream® is the pioneer of an enterprise class threat intelligence platform that combines comprehensive threat data collection, prioritization, and analytics with secure collaboration in a vetted community. Offering the broadest enterprise security infrastructure integration available, the company enables organizations to proactively identify and combat cyber threats targeting their operations. With the mandate to deliver innovative and effective technologies and solutions to address cyber security challenges, the company offers an array of products to its wide range of clientele.

Providing a sense of security to the clientele
ThreatStream Optic
The ThreatStream Optic threat intelligence platform makes sense of all of the threat data that security teams have to sort through to find the needle(s) in the haystack that can threaten clients business, customers, intellectual property, and reputation.

Right “out-of-the-box”, ThreatStream Optic is already integrated with many of the most widely-used security products. Using the ThreatStream Optic Link to connect their platform to clients security infrastructure gives them the ability to start understanding the most urgent risks to business in minutes. ThreatStream Optic also enables users to more easily share threat intelligence by supporting trusted community creation, collaboration and analysis. With the press of a button, ThreatStream Optic users can share threat intelligence in real-time with trusted peers or within any circles of trust they’ve created.

The ThreatStream Alliance Preferred Partners (APP) Store is built into the ThreatStream Optic platform. Featuring some of the most popular commercial intelligence feeds, the APP Store makes it easy for ThreatStream Optic users to purchase the additional threat feeds they need with the click of a button.

ThreatStream Integrator
The STIX/TAXII standards for describing and exchanging cyber threat information have been widely endorsed and adopted by both public and private sector organizations. Many of the Information Sharing and Analysis Centers – or ISACs – such as the Financial Services ISAC (FS-ISAC), rely on a STIX/TAXII repository to facilitate threat information sharing across the many members of their trusted communities. Until now the process to consume and use this critical threat information has been manual and error-prone. ThreatStream Integrator automates this process.

ThreatStream Integrator can connect to any STIX/TAXII server in the cloud (for example, http://hailataxii.com or a server hosted by an ISAC), or on premise, and pull threat information from it into existing security solutions – including HP ArcSight ESM and Splunk – in a format appropriate for that solution. An instance of ThreatStream Integrator can retrieve threat information from multiple sources and forward it to multiple destinations in an organization’s infrastructure. Integrator’s easy-to-use, interactive dashboards enable threat intelligence visualization, deeper analysis, and advanced searches.

Modern Honey Net (MHN)
While honeypot software is fairly mature and can provide high quality threat intelligence for organizations, they have never received wide adoption. From the secure deployment to the aggregation of thousands of events MHN provides enterprise grade management of the most current open source honeypot software. MHN is completely free open source software which supports external and internal honeypot deployments at a large and distributed scale. MHN uses the HPFeeds standard and low-interaction honeypots to keep effectiveness and security at enterprise grade levels. MHN provides full REST API out of the box and they are making CEF and STIX support available now for direct SIEM integration through our Commercial platform Optic.

Understanding the value of Threat Intelligence
The company very well understands the value and importance of investment in threat intelligence which is fast becoming a necessity that organizations are taking seriously. The value of threat intelligence is realized every time.

• Financial losses are prevented
• IT staffing resources are efficiently utilized
• Informed decisions about investing infrastructure and your business are made

Client Speak
“Working with ThreatStream has helped us be much more effective at defending against the simplest threats all the way to the most advanced threats that attempt to compromise our company assets on a daily basis.”

“We enable organizations to proactively identify and combat cyber threats targeting their operations.”

Quick Facts

Founding Year: 2013

Investors: Google Ventures, Paladin Capital Group, General Catalyst Partners, Institutional Venture

Partners:
APP Store Partners: Crowdstrike, Emerging Threats, Farsight Security, Flashpoint, iSight Partners, threat RECON, Reversing Labs, Team Cymru, Webroot, Jigsaw Security, Blueliv, The Media Trust.

Integration Partners: HP ArcSight, Bit9 Carbon Black, Cloudera, Infoblox, LogRhythm, Splunk, IBM QRadar, Nitrosecurity, Palo Alto Networks, RSA Security Analytics, Tanium, Tripwire

Competitors: ThreatConnect, ThreatQuotient, Soltra, BrightPoint Security

Revenue Model: Software as a Service (SaaS)

“Through trust, collaboration, and communication, we strive to implement critical initiatives required to achieve its vision: a more secure world.”

Knowing the Thought Leaders

Greg Martin, Founder
A cybersecurity expert with over 15 years of industry experience, Greg is the founder and strategic advisor at ThreatStream. He has held CISO, product, consulting, and management roles over the span of his career. He was actively involved battling cyber criminals as a technical adviser to the FBI, the United States Secret Service, and NASA, and has consulted with numerous Fortune 500 companies as a practice-leading consultant for ArcSight (acquired by HP). Greg is an advocate of the open source movement and the original author of Bad Harvest (Formerly ArcOSI), which spawned a revolution in data driven security tools and products.

Hugh Njemanze, CEO
A 30-year experience holder in the enterprise software industry, Hugh co-founded ArcSight in May 2000 and served as CTO as well as Executive Vice President of Research and Development. He led product development, information technology deployment, and product research at ArcSight, and expanded these responsibilities to lead all engineering and R&D efforts for HP’s Enterprise Security Products group, the organization that ArcSight became part of post-acquisition. Hugh was recently an advisor and entrepreneur at investment firm, Kleiner Perkins Caufield& Byers (KPCB). Prior to joining ArcSight, Hugh worked as the CTO at Verity, where he led product development, and before that he was at Apple in software engineering, where he was one of the key architects behind the Data Access Language (DAL). Hugh is a CISSP and holds a B.S. in computer science from Purdue University. He was also honored with the Northern California Ernst & Young LLP Entrepreneur of The Year award in 2010.

Colby DeRodeff, Co-founder & Chief Strategy Officer
Recognized as an expert in the field of IT security, Colby’s primary areas of focus are fraud, insider threat, the convergence of physical and logical security, as well as enterprise security and information management.
He has spent his career working with global organizations guiding best practices and empowering the use of security and fraud products across government, finance, e-commerce, and healthcare industries.
Colby has held senior leadership positions with both ArcSight, and Silver Tail Systems and played an instrumental role in the successful IPO of ArcSight as well as the acquisition of both companies by HP and RSA / EMC respectively. A well-respected industry spokesperson, Colby is a published author of “The Convergence of Physical and Logical Security.”

Nancy Bush, CFO
Nancy brings over 25 years of financial and operational management expertise in the dynamic technology industry. Her background in successfully scaling multiple Silicon Valley-based high-technology companies includes rapidly growing companies within the security and SAAS industry. Nancy was the acting CFO and Vice President of Finance at Fortinet and VP of Finance at ArcSight. She has also served as the Vice President of Finance at Adaptive Insights, Packeteer and Maxtor and held Senior Director of Finance positions at Terayon and SGI. Nancy holds a bachelor’s degree in Business Administration from the University of Georgia.

Wei Huang, VP, Engineering
Carrying experience of more than 20 years in building enterprise software in the security and data analytics industries, Wei was the architect of ArcSight Logger, one of the most successful security products created at ArcSight. He was instrumental in designing and building the ArcSight CORR-Engine: the big data platform with 10-to-1 data compression and 5X faster query performance than Oracle RDBMS. After the acquisition of ArcSight by HP, Huang took on additional responsibilities as Chief Technologist and led the technical direction and architecture for the ArcSight product line within the HP Enterprise Security portfolio. Prior to ArcSight, Huang led engineering teams at Oracle, VMWare, Selectica, Netdao, and Certive. Huang holds a Master of Computer Science from Stanford University and Bachelor of Computer Science from the University of Electronic Science and Technology of China. He is also the co-inventor of over 10 patents in big data and security.