
Criminal IP Enhances ThreatQ with Real-Time Exposure Intelligence


"This integration enables organizations to bring IP reputation and exposure intelligence directly into the ThreatQ platform, supporting faster analysis and more effective response throughout the investigation lifecycle," said Byungtak Kang, CEO of Criminal IP.

What the Criminal IP–ThreatQ integration is

Criminal IP has partnered with Securonix to integrate Criminal IP’s threat intelligence into ThreatQ, Securonix’s threat intelligence platform. The work embeds exposure-based IP intelligence into ThreatQ so organizations can incorporate external IP intelligence into existing workflows. The integration is designed to allow analysts to access Criminal IP intelligence directly within the ThreatQ interface—without switching tools—so that suspicious IP activity can be validated in real time from indicator detail views or investigation boards.

Automated intelligence enrichment at scale

Within the integrated environment, Criminal IP’s threat intelligence APIs automatically enrich incoming IP indicators in ThreatQ with contextual data. The source lists the enrichment fields explicitly: maliciousness scoring, VPN and proxy detection, remote access exposure, open ports, and known vulnerabilities. ThreatQ’s data-driven orchestration engine then allows organizations to configure automated workflows that continuously evaluate incoming indicators against Criminal IP’s threat database. The result, the companies say, is current threat context without manual analyst effort—supporting faster triage and more consistent prioritization.

Real-time investigation and the ThreatQ investigation graph

The integration promises to extend ThreatQ’s investigation graph by revealing relationships between IP addresses, associated infrastructure, and attack activity. Criminal IP’s exposure-based data is described as providing visibility into how assets and infrastructure are exposed across the internet; when embedded in ThreatQ it can show infrastructure-level insights alongside exposure data. Analysts can perform on-demand Criminal IP lookups from indicator detail views or investigation boards, and visualize enriched data through dashboards to see trends such as maliciousness, VPN usage, and risk distribution across indicators.

Intelligence-driven prioritization and response in ThreatQ

ThreatQ centralizes and prioritizes threat data from multiple sources; with Criminal IP integrated, organizations can enrich that central dataset with continuously updated, exposure-based intelligence. The source states that Criminal IP’s intelligence can be integrated into ThreatQ’s scoring framework so organizations can align risk evaluation with their specific operational environment. Securonix frames the outcome succinctly: “By combining ThreatQ’s orchestration and prioritization capabilities with Criminal IP’s real-time threat data, organizations can accelerate enrichment processes, reduce manual workloads, and focus on the most relevant threats within their environment,” said Scott Sampson, Chief Revenue Officer, Securonix.

What this means for technologists and security teams, procurement leaders, and analysts

  • Technologists and security teams: The integration is positioned to let teams incorporate exposure-based IP intelligence without altering their workflows. Teams can configure automated workflows in ThreatQ that continuously evaluate indicators against Criminal IP’s database, reducing the need for manual enrichment.
  • Procurement leaders and affected enterprises: The partnership packages Criminal IP’s continuously scanned, exposure-based signals into ThreatQ’s existing orchestration platform, which may influence purchasing choices by combining third-party IP reputation with the customer’s current toolset rather than requiring a separate product stack.
  • Analysts and SOCs: Analysts gain on-demand lookup capabilities from indicator detail views and investigation boards, enriched scoring inside ThreatQ, and graph-based visibility into relationships among IPs, infrastructure, and attack activity—intended to speed triage and make prioritization more consistent.

Criminal IP is operated by AI SPERA and is described in the source as a solution that continuously scans the global internet, aggregating and contextualizing threat signals across IPs, domains, URLs, and attack infrastructure, including malicious indicators, known vulnerabilities, exposed assets, and attacker behavior. Securonix describes ThreatQ within the context of its broader platform capabilities: its Unified Defense SIEM with Agentic AI, the Sam AI SOC Analyst, and a productivity-based AI operating model for the SOC. Securonix also notes recognition in market research and user feedback, citing a Leader placement in the Gartner® Magic Quadrant™ for SIEM and a Customers’ Choice designation by Gartner Peer Insights™.

Both vendors frame the collaboration as a way to operationalize threat intelligence by combining automated enrichment, workflow orchestration, and prioritization inside ThreatQ. In their words, the integration is meant to strengthen the role of IP intelligence at critical points of investigation and decision-making while reducing manual workloads and improving the speed and precision of responses.
