Breaking: Criminal IP & Securonix partnership delivers exposure-based threat intel to ThreatQ platform
San Jose, CA — In a move that promises to transform threat intelligence operations, Criminal IP has announced a strategic partnership with Securonix to integrate its exposure-based threat data directly into the ThreatQ platform. The integration, unveiled today, automates the correlation of raw intelligence with real-world attack surfaces, enabling security teams to prioritize threats with unprecedented speed and accuracy.
"Raw threat intel alone is like a map without landmarks—it lacks the context needed to act decisively," said Dr. Sarah Lin, Chief Threat Analyst at Criminal IP. "By embedding our exposure-based intelligence into ThreatQ, we give analysts a direct line of sight into which vulnerabilities are actually being exploited in the wild."
Background: The context gap in threat intelligence
Security operations centers (SOCs) struggle with an overwhelming volume of alerts. Traditional threat intelligence feeds provide indicators of compromise (IOCs) but often miss the environmental context—whether a specific IP address or service is currently exposed and actively targeted.
Criminal IP's Exposure Intelligence fills this void. It continuously scans the global internet for exposed assets and correlates them with active threat actor campaigns. Securonix ThreatQ, a leading threat intelligence platform (TIP), aggregates and enriches data from multiple sources.
“This collaboration closes a critical loop,” explained Marcus Webb, VP of Product at Securonix. “Analysts can now tag a threat indicator with its real-world exposure status—transforming static intel into dynamic, actionable data.”
How the integration works
The integration leverages RESTful APIs to stream Criminal IP’s exposure data directly into ThreatQ. Key capabilities include:
- Automated enrichment: Each incoming IOC is automatically checked against Criminal IP’s exposure database.
- Priority scoring: Threats associated with currently exposed assets are assigned a higher risk score.
- Seamless workflow: Investigators can pivot from a ThreatQ alert to Criminal IP’s detailed exposure report in one click.
“We’ve already seen a 40% reduction in false positives during pilot testing,” noted Caroline Tran, SOC Manager at a Fortune 500 company that participated in the beta. “Our team can now focus on the handful of incidents that truly matter.”
What this means for cybersecurity teams
For organizations already using ThreatQ, the partnership slashes the time between intel collection and remediation. Exposure-based context helps answer the critical question: “Is this threat affecting us right now?”
The move also signals a broader industry shift. “Context-driven threat intelligence is becoming table stakes,” said Dr. Lin. “Vendors that fail to integrate real-world exposure data will leave their customers fighting blind.”
Smaller teams, in particular, stand to benefit. By automating enrichment and prioritization, the integration reduces the need for manual analysis—freeing up talent to focus on strategic defense.
Rollout and availability
The Criminal IP connector for ThreatQ is available immediately to all Securonix ThreatQ customers at no additional cost. Criminal IP clients can also access the integration through the ThreatQ marketplace.
“We expect this to be a game-changer for mid-market SOCs,” added Webb. “The combination of exposure intelligence and a mature TIP platform is exactly what the industry needs to stay ahead of adversaries.”
This is a developing story. Check back for updates on deployment metrics and early customer feedback.