Securonix ThreatQ Integrates Criminal IP Threat Intelligence to Boost Third‑Party Risk Visibility
What Happened – Securonix announced that its ThreatQ platform now natively ingests Criminal IP’s exposure‑based threat intelligence via API. The integration enriches every IP indicator with real‑time maliciousness scores, VPN/proxy detection, open‑port data and known vulnerabilities, all without changing existing analyst workflows.
Why It Matters for TPRM –
- Provides continuous, external visibility into how a vendor’s assets are exposed on the public Internet.
- Enables automated risk scoring that can be fed into third‑party risk dashboards, reducing manual effort.
- Enhances incident response speed, limiting potential supply‑chain impact from compromised third‑party infrastructure.
Who Is Affected – Organizations that use ThreatQ (primarily large enterprises, MSSPs, and security‑focused SaaS providers) across all industries; especially those with extensive third‑party ecosystems.
Recommended Actions –
- Review your current ThreatQ or SIEM integrations to confirm the Criminal IP feed is enabled.
- Map the new exposure data to your vendor risk scoring model and adjust thresholds if needed.
- Validate that the API keys and access controls for the Criminal IP service follow your zero‑trust policies.
Technical Notes – The integration leverages Criminal IP’s RESTful APIs to pull exposure data (maliciousness score, VPN/proxy status, open ports, CVE references) and automatically enriches ThreatQ’s indicator graph. No new CVEs are introduced; the value is purely contextual enrichment. Source: BleepingComputer