Criminal IP and Securonix ThreatQ Team Up to Boost Threat Intel

Criminal IP, a provider of exposure‑based threat intelligence, announced a partnership with Securonix to embed its rich contextual data directly into the Securonix ThreatQ platform. By feeding Criminal IP’s IP reputation, geolocation, and exposure attributes into ThreatQ’s correlation engine, security teams can automatically enrich alerts with real‑world context, cutting the time analysts spend manually pivoting between data sources.

Under the hood, the integration leverages a RESTful API that streams Criminal IP’s structured indicators into ThreatQ’s data lake. Each indicator is tagged with MITRE ATT&CK tactics and techniques, allowing ThreatQ to map suspicious activity to known threat actor patterns without additional manual mapping. The API also supplies risk scores derived from Criminal IP’s continuous passive DNS analysis and honeypot telemetry, which ThreatQ uses to recalculate alert severity on the fly.

Security operations center (SOC) teams that adopt the combined solution report a 40‑percent reduction in mean time to detect (MTTD) and a 30‑percent decrease in the number of escalations requiring human review. Automated enrichment enables analysts to focus on high‑priority incidents, while the exposure context helps filter out false positives that would otherwise overwhelm legacy rule‑based systems.

The new connector is available immediately for existing ThreatQ customers through the Securonix Marketplace, and Criminal IP offers a free trial for organizations looking to test the enriched workflow. "Our mission is to give defenders the context they need to act, not just data," said Alex Kim, CEO of Criminal IP. "By plugging our exposure engine into Securonix ThreatQ, we’re turning raw alerts into actionable intelligence at machine speed."