-- particles

24x7
AI powered vulnerability protection

REQUEST A DEMO Watch Video
80%
80% of breaches result from
poor patch management.
143 mil
September 2017, Equifax:
143 million records compromised
as a result of a software vulnerability
in Apache Struts.
$2T
$2 trillion is projected cost of
global data breaches by 2019.
4.3B
4. 3 billion micro-processor chips were found
vulnerable to Spectre Security vulnerability.

Today's challenges in
addressing cyber threats

Volume

High velocity of threats across multiple sources

Relevance

Finding a needle in a haystack or get to know "is this threat important for me"

Impact

Identifying assets that are impacted

People

Vulnerability data and security functions are centralized

Time

Delays at every stage in managing threat lifecycle

OUR PLATFORM

  • 24×7 machine curated threat intel across software and hardware stacks
  • Filter based on relevance
  • Build correlation between vulnerabilities and business services
  • Decentralize sharing of vulnerability intelligence across business functions
  • Track vulnerability lifecycle from early warnings to severity updates, exploits, workarounds and patches
  • Zero touch threat protection for your business services, on-premise and cloud footprint
  • Integrate with popular ecosystems and tools like ServiceNow, Splunk, JIRA, Slack for automated vulnerability management

Tailored Vulnerability Intel

Every day the long tail of vulnerabilities keeps growing. Understanding whats relevant for your environment without loss of focus is critical for effective mitigation. ThreatWatch does just that so that your security analysts and operations staff can focus on the most relevant threats.

Superior Coverage of Vulnerabilities

Hundreds of different software and hardware stacks, open source libraries running on multitude of different operating systems get exposed to vulnerabilities each day. You can rely on ThreatWatch for its ever growing coverage of threats that matter to you. ThreatWatch covers a broad spectrum from vulnerabilities in micro-processors, kernel and operating systems to content management systems, ERP solutions, dev ops tools, networking gear, pen source software and much more.

Real-time Notifications

Timing is of essence for pro-active security measures. Every few hours vulnerabilities are getting uncovered and its hours and minutes that matter when it comes to building a strategy to deal with them on a daily basis.

Instant Impact Analysis

How does a threat impact me?

Understanding the vulnerability impact requires a very nuanced approach with careful consideration of the overall context , operating environment and overall risk appetite of the organization. ThreatWatch looks beyond severity ratings and CVSS scores and learns from user feedback to achieve a high signal-to-noise ratio.

Flexibility of Symbolic Assets

Representing risk requires business context and that means modeling services that are powered by underlying assets. Symbolic assets is a powerful mechanism to get a business centric view of risk in terms of vulnerability exposure. They provide a logical representation of a collection of assets and services to effectively manage the volume of incoming vulnerabilities. They also reduce the overheads of scanning for vulnerabilities in a large environment.

Zero touch Assessments

Large environment impose a huge cost in terms of resources required for regular vulnerability scans. ThreatWatch helps you reduce these costs by scanning virtual symbolic assets.

Workflow Integration/Remediation

Integrations with ecosystems and tools like ServiceNow, JIRA, Splunk, Slack and more, enable customers to realize more ROI from these investments and leverage them for improving the security posture of the enterprise.

HOW IT WORKS

  • 1 Decide
  • 2 Configure
  • 3 Analyze
step 1: Decide

Decide

  • Which technology stack, vendors or nature of vulnerabilities are of your interest ?
  • Which teams and individuals in your organization would be interested to learn about security vulnerabilities affecting them?
  • How would you prefer sharing your asset information with ThreatWatch?

Configure

  • Setup alerts for custom notifications and de-centralized vulnerability intelligence.
  • Setup “ThreatFilter” to see all that’s relevant for you.
  • Setup plugins for asset discovery and workflow tools.

Analyze

  • Executive Leadership: Get a pulse of the changing security posture of services powering your business.
  • Analysts : Track lifecycle of vulnerabilities and correlate it with IOC indicators.
  • Operations: Prioritize your patching and mitigations with realtime / relevant updates.
  • Program Managers: Identify trends and gaps to build robust security programs and projects.
Prev Next

Offerings

SaaS

  • Ideal for small enterprises
  • Individual sign-ups
  • Symbolic assets: up to 10, each with up to 10 products
99 USD / month

On-Premise

  • Medium to large enterprises
  • Unlimited user signups
  • Shared assets : upto 200 assets / per instance, upto 50 products per asset
Contact us

Managed Service

  • Small, medium or large enterprises
  • Cloud hosted and secured
  • Sharing with Vendor(s) and Partner(s)
Contact us

ReST/OpenAPI

  • Integrate with existing solutions (in-house or third party)
  • Comes bundled with all three offerings

SaaS : Upto 1000 request per month

On-Premise / Managed Service: Up to 10K requests per month / per user

Contact us

USE CASES

DevOps / DevSecOps

Developing and deploying production services with DevOps is an integrated function. In addition to keep the build and development environment free from known vulnerabilities there is also reliance on cloud providers for keeping the deployment environment patched at all times. This reliance is limited to base operating system and the application runtime becomes responsibility of the consumer. Behind a single large deployed service there are several different components powering that service which can have multiple teams contribute to it as well as reliance on vendors / outsourced providers or third party libraries.

ThreatWatch provides a flexible approach that allows service compositions to be represented as assets to understand the holistic risk while still being able to attribute risk emanating from individual components in real time.

USE CASES

Patch Management and Notifications

The many flavors of operating systems powering up services, endpoints ( laptops/mobile devices ) as well as hardware devices like networking gear, printers, wayfinders, conferencing and communication devices remains a huge challenge with a constant discovery of new vulnerabilities and their patches. Teams managing internal systems are focussed on the different business functions that they serve and are further fragmented into the type of operating systems.

ThreatWatch providers effective way to communicate this information to relevant teams ( internal or vendor ) in near real time for some cases, maintaining visibility and providing the real key value of being a subject matter expert.

USE CASES

Vulnerability Certification for Development Teams

Regulations related to processing of financial data (PCI) , health information (HIPPA) or when providing services to government bodies (FISMA) all require controls and processes in-place to ensure organizations are carrying out due diligence for securing the operating environment. There are periodic attestations that need to be carried out (eg. quarterly/yearly audits for PCI). With vulnerabilities being published frequently waiting till end of a quarter isn’t ideal. Repeated scans aren’t the solution either.

ThreatWatch provides a continuous monitoring and alerting mechanism for vulnerabilities and patches that makes this entire certification process manageable and effective.

USE CASES

Real Time Threat Intel for Red Team Exercises

Most organizations these days carry out internal assessments along with red team exercises to uncover security issues proactively before bad actors are able to uncover and exploit them. For these exercises to be effective a pre-requisite is having a knowledge base to tap into to capture the entire lifecycle of vulnerabilities from discovery to various updates which might include exploits, newer products being affected, severity and reference updates. This helps the red teams have access to the latest information that bad actors would have.

ROLES

  • For Security and Risk Management Leadership

    Understand risk for critical services for effective planning and execution of risk mitigation programs.

  • For Security Pen-Testers / Red Team

    Use constantly updating knowledge base of cutting edge vulnerabilities and exploits to understand weaknesses and effective planning of the security testing / red team exercises.

  • For Security Engineers and Operations Staff

    Identify vulnerabilities in dependent third party libraries. Identify patches and mitigations for operating systems, networking gear and critical service infrastructure.

  • For Threat Analysts

    Co-relate vulnerability data with other relevant data sources like malware and IOC (Indicators of Compromise) to provide relevant intelligence to plan for mitigations.

    Identify chain of vulnerabilities that might get exploited, work with operational staff to provide subject matter expertise and plan mitigations.

  • For Security Program Managers

    Generate rich reports based on the desired level of granularity and with varied combinations for upward and downward reporting. Understand trends, backlogs for building effective short and long term program objectives. Get relevant data for making prudent investment decisions.

COMPANY

ThreatWatch’s mission is to offer cutting edge, premium solution for pro-active security needs covering your entire software and hardware stack. We believe that with machines leading today’s cyber attacks, there is a need for a “zero”​ touch approach , coupled with AI, ML models trained specifically for predicting relevance of security threats. Planning mitigations and deciding the priority has a human element that needs relevant and risk driven analysis. With “vulnerability intelligence” and “vulnerability impacts” ThreatWatch combines different variables and helps organizations prevent data breaches.

CONTACT

ThreatWatch, Inc.
15490 Willow Dr.
Los Gatos CA 95032
(800) 916-1241

info@threatwatch.io

Send Us A Message