Optiv ThreatDNA® Platform and ThreatBEAT® Service

Optiv ThreatDNA® Platform and ThreatBEAT® Service

Optiv recognized the need for intelligence-driven operations years ago. In 2013, we created the Global Threat Intelligence Center (gTIC), integrating content feeds, services and support for clients. Now, with ThreatDNA®, Optiv is advancing our intelligence operations capabilities to include orchestration, automation and integration to provide more immediate analytics for our clients.


What is the ThreatDNA Platform?

It’s a real-time contextualized threat intelligence platform integrated into core Optiv services and products. We have integrated people, processes and technology to achieve actionable intelligence outcomes. ThreatDNA results focus on integration into business processes, such as threat identification and response, vulnerability risk management and incident response.


What is ThreatBEAT®?

ThreatBEAT is an integrated component of ThreatDNA, a real-time threat-focused visibility and analytics engine. ThreatBEAT provides telemetry and correlation of threats including – but not limited to – hacking, intrusion and computer viruses. ThreatBEAT enables us and our clients to maintain and monitor trends and analytics related to threats in an environment, sector, geo-location, CVE vulnerability exploitation and attribution to specific computer viruses and adversaries.


Why the change?

Reimagining how to integrate valued intelligence into business processes for clients is the focus of Optiv intelligence operations. The team also regularly performs lab-qualified intelligence analysis, a critical component of trust and confidence impacting all intelligence services supported by Optiv.


Also in 2020, Optiv will be more focused on visionary developments for a host of new service offerings to be evaluated and launched in 2020 with a focus on augmented intelligence services that best meet the needs of clients in their business outcomes.


Integrating intelligence means overcoming major challenges

Organizations best consume intelligence when they have a robust IT function and solid security governance in place. Because most organizations struggle at operational capabilities, consistency and integration intelligence usually requires a very high level of effort to do well across multiple teams in an organization, particularly in large global organizations.


As a security solutions integrator, Optiv has teams across the organization that add impact and leverage intelligence in their operations. Our focus on clear long-term strategic outcomes is a huge part of what helped us overcome early challenges even as we embraced change.


The gTIC team also focuses on understanding client environments, obtaining feedback, and evaluating needs to ensure the best possible intelligence outcomes. Each client is different, with some requirements overlapping. All clients need integration into specific business processes, like threat identification and strategic priorities, to improve a defensive posture against those threats. ThreatDNA has championed this feedback and visibility, especially when looking at the threat data for hundreds of clients, to identify the best solutions possible with a massive improvement in visibility.


Optiv has embraced the need for consistent, capable staff by implementing a CyberSTRAND training program. This includes complex, customized on-premise classroom instruction and evaluations, on-the-job training and use of external education for malware analysis, analyst mindset and network detection and response. In 2019 Optiv implemented a new training program to harmonize roles and responsibilities further and mature the understanding of teams in malware analysis, forensics, network architecture, and endpoint security. CyberSTRAND is now a central solution for our Security Operations staff to develop and maintain training specific to their job and team.


Closing Thoughts


Our gTIC team is committed to providing world-class intelligence internal to our operations to ensure the best quality service outcomes for clients. Expect to see advancements in all intelligence-related services and solutions with us in 2020, starting with the delivery of daily SITREP reports to clients -- scheduled for late January 2020.


We look forward to partnering with you as we seek to improve intelligence-driven operations in 2020.

Ken Dunham
Senior Director, Technical Cyber Threat Intelligence
Ken Dunham has spent 30 years in cybersecurity, consulting in adversarial counterintelligence, forensics, Darknet Special Ops, phishing and hacking schemes, AI/BI, machine learning and threat identification.