'7 Minutes' with ThreatQuotient Director of Alliances Haig Colter

ThreatQuotient is in the business of intelligence; specifically, providing an open threat-intelligence platform that security teams can look to for information on how attackers are looking to get past their defenses.

Channel Partners

May 16, 2017

5 Min Read
'7 Minutes' with ThreatQuotient Director of Alliances Haig Colter

**Editor’s Note: “7 Minutes” is a new feature where we ask channel executives from startups – or companies new to the Channel Partners audience – a series of quick questions about their businesses and channel programs.**

In this installment, we take seven minutes with ThreatQuotient director of alliances Haig Colter. ThreatQuotient is in the business of intelligence — specifically, providing an open threat-intelligence platform that security teams can look to for information on how attackers are looking to get past their defenses.

1b7e69fac4944c10ab7926fef985b580.jpegThe company, which was launched in 2013, has been named in multiple lists of hot startups to watch and it has affiliate relationships with groups including the financial and retail industry threat sharing centers, SANS and OASIS. Its blog is also a great source of information for security resellers and MSSPs.

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Haig Colter: Customers love that our product is flexible, and provides their security teams with the controls to customize their threat operations and management in a way that no other threat intelligence platform can. The ability to add context by correlating both internal and external threat data, and then automatically prioritize this intelligence based on their unique environments, leads to accelerated detection and response, better decision making and greater collaboration amongst various teams.

ThreatQ is the only platform with a self-tuning Threat Library, ensuring the highest-priority threats are identified, and will automatically update as new data or context are received by the system. Also, the platform’s Open Exchange allows for easy integration with existing security infrastructure, allowing companies to get more out of existing security investments and improve their security posture.{ad}

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

HG: The goal of our Threat Alliance Program (TAP) is to achieve mutual success with our channel partners through efficiency and agility, mutual confidence, high competition and innovative programs. Our channel program, which is designed to provide our partners with a deep understanding of our threat intelligence platform so that they can be a trusted partner for their customers, has three tiers: a simple referral level to process an order, a silver level with additional discounts and a gold level with greater discounts.

We are not heavy on certifications — our focus is on training our partners to become familiar with our solution. We also offer additional discounts for new account acquisition, competitive replacement programs, NFR (not for resale) programs and deal registration. The flexibility of our Threat Alliance Program allows us to partner with just about anyone, including resellers, referrals, strategic vendors, MSSPs and VARs.

CP: Quick-hit answers: percentage of sales through the channel, number of partners, average margin.

HG: 100 percent, 50, 30 percent.

CP: Who are your main competitors, and what makes your offering better?

HG: We are most often compared to …


… Anomali and ThreatConnect.

Three major differentiators of the ThreatQ threat intelligence platform include 1) its operations focus, 2) that it is open and transparent, and 3) that it has a self-tuning threat library. These differentiators allow for customer-defined prioritization and scoring of threats versus using vendor-defined settings; more fine-tuned data sets versus overwhelming and sometimes irrelevant global data sets; and extensible architecture versus a closed, black-box design with a forced methodology.

Traditionally, threat-intelligence platforms have been used to aggregate and share threat data. But the industry has realized that this is not enough, and that TIPs need to do more to support the utility of threat intelligence as part of security operations by helping identify a starting point for investigations. ThreatQ has been purpose-built to surpass the limitations of other solutions, and help customers focus their resources on the high-risk items that are most pertinent to their businesses.

The platform combines and correlates data from multiple sources, both external and internal, and calculates a unified opinion with a single, transparent score. This unified opinion alleviates operator confusion in the case where threat data is rated differently by various providers or is lacking context behind how the rating was determined.{ad}

Our threat intelligence platform (TIP) offering is a great fit for users looking to have an on-premises solution and a large partner ecosystem of tools that integrate with the platform. We are also an especially good option for companies looking to optimize their current work flows — the flexible ThreatQ platform integrates with unlimited internal tools so that teams do not have to modify their current processes to use ThreatQ.

CP: How do you think your technology portfolio will change in the next three years?

HG: ThreatQ was built with an operational foundation. We are focused on making operations more effective and efficient. As such, the ThreatQ platform will evolve to include support for additional threat-centric use cases, more automation and additional workflow capabilities. This will allow defenders to make decisions and act faster with more relevant information at their disposal.

CP: How do you expect your channel strategy to evolve over that timeframe?

HG: For a small company, we have been very successful breaking into the global market. I expect to see more channel partners come into the fold as we continue to expand and do more business around the world. Keeping in mind that there is no one silver bullet for defending against adversaries, I also expect to see more service fulfillment executed by partners over time.

CP: What didn’t we ask that partners should know?

HG: ThreatQuotient was founded by analysts and operators who needed a better way to be successful at defending their environments. We are a solution for threat operations and management built by people who have done that work. Thanks to this pedigree, ThreatQuotient’s solution is designed to help an analyst spend more time being an analyst, and less time having to administer a tool to sift through the noise.

Finally, our partner ecosystem is continually growing. We want to make it easy to deploy our solution and work with the other tools in an organization such as ticketing systems, enrichment and orchestration tools, SIEMs and multiple intelligence feeds. Our robust ecosystem leverages the ThreatQ open exchange through a software development kit (SDK), easy-to-use application programming interfaces (APIs) and a comprehensive set of industry-standard interfaces to fully integrate with the equipment, tools, technologies, people, organizations and processes that protect your business.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like