
Upload: vuonghuong

Post on 15-Mar-2018


The Problem: Too Much Data, Too Little Relevance, Too Little Time

SOC operators, CSIRT teams, and security analysts and researchers are in a race against time. The good news is that there’s an overwhelming amount of threat data available today. The challenge is rapidly converting this unstructured, disparate, and duplicative data into the contextual information to drive your security monitoring process and infrastructure. You need real-time and relevant rules, reports, and dashboards to power a security monitoring practice that uncovers threats as they happen... for rapid, efficient, and reliable incident response. Without automated and complete integration from multiple threat data sources to your own monitoring infrastructure, you’re wasting critical time on a tedious and manual process for home-grown rules, reports, and dashboard development.

The Solution: Operationalize Your Intel - Prioritize and Accelerate Incident Response

ThreatStream Optic™ provides the essential analysis and correlation that you need to translate raw, unstructured and duplicative data into true intelligence. Reduce the noise of false positives, outdated and irrelevant data in minutes, and what’s left is true insight... in the form of pre-built rules, reports, and dashboards that you can immediately apply and manage within your SIEM console.

Key Features:

• Easy-to-use interface to view threat information received through STIX/TAXII feeds

• Analyze and correlate data into actionable information: SIEM rules, reports, and dashboards

• Pinpoint IOCs - quickly search for a specific indicator, search for an indicator type over a time range, and drill-down into details

• Eliminate unnecessary, duplicative and irrelevant indicators - before they enter your infrastructure

• Identify and prioritize the events that matter now - without DIY scripting

• Machine-to-Machine learning algorithms scale to accommodate thousands of IOCs per minute across your environment

2,000+ Member Community

Hundreds of Threat Intelligence Sources

1,000+ Organizations

Millions of Indicators of Compromise

Automated Detection Scenarios

• Crimeware

• Dynamic DNS

• Phishing Attacks & URLs

• Anonymous VPN

• Hacking Tools

• Malware C&C

• APT IPs & Domains / APT IP User Agent

• Brute Force, Spammer & Bot IPs

• TOR Detection

Streamline, Scale and Simplify the Threat Intelligence Lifecycle

Data Sheet: ThreatStream Optic™

2317 Broadway, 3rd Floor, Redwood City, CA 94063 USA | 1-844-4-THREATS | [email protected] | www.threatstream.com

Copyright ©2015 ThreatStream. All Rights Reserved. ThreatStream and the ThreatStream logo are registered trademarks of ThreatStream. TS-DS-OPTC-082015-01

Figure 1: Indicator view

How it Works

• Aggregation & De-duplication - Optic™ aggregates and de-duplicates threat data from 160+ public, private, and proprietary sources including our own global Modern HoneyNet (MHN) project

• Real-time Risk Analysis - Optic™ risk ranks each individual IOC based on severity, relevance, and contextual variables

• Correlation & Actionable Intelligence - Optic™ delivers a set of rules, reports, and dashboards based on the latest cyber attacks, tools, and techniques via lightweight connector to your NGFWs, IDS/IPS, and SIEMs

• Collaboration & Community - Optic™ securely connects security researchers within and across teams in trusted circles to cooperate on effective cyber defense strategies
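The aggregation, de-duplication and risk-ranking steps above, shown as an added Python illustration that is not ThreatStream's code and makes no claim about how Optic actually scores indicators: it ingests two constructed STIX 2.1-style indicator bundles (documentation IP ranges and an example domain, not real IOCs), collapses duplicates on a normalised (type, value) key so the same C2 address and a differently-cased domain each count once, scores every surviving indicator from label severity, confidence, corroboration across sources and freshness, and emits a minimal vendor-neutral match list a SIEM rule could consume. The feed contents, the label weights and the scoring formula are all assumptions made for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample feeds in STIX 2.1 indicator shape (hypothetical data;
# 198.51.100.0/24, 203.0.113.0/24 and example.net are reserved documentation values).
FEED_A = json.dumps({"type": "bundle", "id": "bundle--feed-a", "objects": [
    {"type": "indicator", "id": "indicator--a1", "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "labels": ["malware-c2"], "confidence": 85, "valid_from": "2015-08-10T00:00:00Z"},
    {"type": "indicator", "id": "indicator--a2", "pattern": "[domain-name:value = 'Bad.Example.NET']",
     "labels": ["phishing"], "confidence": 60, "valid_from": "2015-08-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--a3", "pattern": "[ipv4-addr:value = '203.0.113.9']",
     "labels": ["scanner"], "confidence": 30, "valid_from": "2015-01-15T00:00:00Z"},
]})
FEED_B = json.dumps({"type": "bundle", "id": "bundle--feed-b", "objects": [
    # Same C2 address as feed A: must collapse into one indicator with two sources.
    {"type": "indicator", "id": "indicator--b1", "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "labels": ["malware-c2"], "confidence": 70, "valid_from": "2015-08-12T00:00:00Z"},
    # Same domain as feed A in different case: normalisation must de-duplicate it too.
    {"type": "indicator", "id": "indicator--b2", "pattern": "[domain-name:value = 'bad.example.net']",
     "labels": ["phishing"], "confidence": 75, "valid_from": "2015-08-11T00:00:00Z"},
]})

# Fixed "current time" for the sample so scores are reproducible.
SAMPLE_NOW = datetime(2015, 8, 20, tzinfo=timezone.utc)

# Simple single-comparison STIX patterns only; compound patterns are skipped, not guessed at.
PATTERN_RE = re.compile(r"\[(?P<type>[\w-]+:[\w.]+)\s*=\s*'(?P<value>[^']*)'\]")

# Assumed severity weights for the labels used in the sample (the datasheet names none).
LABEL_WEIGHT = {"malware-c2": 40, "phishing": 30, "scanner": 10}


def parse_feed(feed_json, source_name):
    """Yield (ioc_type, normalised value, record) for each indicator in a bundle."""
    bundle = json.loads(feed_json)
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj["pattern"].strip())
        if not m:
            continue
        ioc_type, value = m.group("type"), m.group("value").strip().lower()
        yield ioc_type, value, {
            "source": source_name,
            "labels": set(obj.get("labels", [])),
            "confidence": int(obj.get("confidence", 0)),
            "valid_from": datetime.fromisoformat(obj["valid_from"].replace("Z", "+00:00")),
        }


def aggregate(feeds):
    """Merge indicators from all feeds, de-duplicating on (type, normalised value)."""
    merged = {}
    for source_name, feed_json in feeds.items():
        for ioc_type, value, rec in parse_feed(feed_json, source_name):
            entry = merged.setdefault((ioc_type, value), {
                "sources": set(), "labels": set(), "confidence": 0, "last_seen": rec["valid_from"]})
            entry["sources"].add(rec["source"])
            entry["labels"] |= rec["labels"]
            entry["confidence"] = max(entry["confidence"], rec["confidence"])
            entry["last_seen"] = max(entry["last_seen"], rec["valid_from"])
    return merged


def risk_score(entry, now):
    """Assumed formula: severity + half the confidence + corroboration bonus - staleness penalty."""
    severity = max((LABEL_WEIGHT.get(label, 5) for label in entry["labels"]), default=5)
    corroboration = 10 * (len(entry["sources"]) - 1)       # each extra source adds 10
    age_days = (now - entry["last_seen"]).days
    staleness = min(age_days // 30, 5) * 5                  # lose 5 per month, capped at 25
    return severity + entry["confidence"] // 2 + corroboration - staleness


def prioritize(feeds, now):
    """Return [(ioc_type, value, score, sorted sources)] with the highest risk first."""
    ranked = [(t, v, risk_score(e, now), sorted(e["sources"]))
              for (t, v), e in aggregate(feeds).items()]
    ranked.sort(key=lambda row: row[2], reverse=True)
    return ranked


def siem_rule(ranked, threshold):
    """Emit a minimal vendor-neutral match list for indicators scoring at or above threshold."""
    rule = {"name": "ti-high-risk-indicators", "match": {}}
    for ioc_type, value, score, _ in ranked:
        if score >= threshold:
            rule["match"].setdefault(ioc_type, []).append(value)
    return rule


if __name__ == "__main__":
    ranked = prioritize({"feed-a": FEED_A, "feed-b": FEED_B}, SAMPLE_NOW)
    for row in ranked:
        print(row)
    print(json.dumps(siem_rule(ranked, 50), indent=2))
```

With the sample data the five feed entries collapse to three indicators; the C2 address corroborated by both feeds ranks first, the stale scanner address drops to zero and is excluded from the rule at a threshold of 50, which is the "eliminate irrelevant indicators before they enter your infrastructure" step in miniature.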

Integrations

Stop Working on Your SIEM and Put Your SIEM To Work for You