To recap, some of the key questions were:
What steps has ThreatAware taken to protect their own application and monitor that process? Also, if an application that has an API to the ThreatAware Dashboard becomes susceptible to a hack, could that have an impact on ThreatAware, or do you have a process of isolating that vulnerable application/feed?
The response was that ThreatAware worked with AWS and high-level security experts to build the solution in a secure way from the ground up, as well as getting ISO27001 certified to ensure they have the correct policies and procedures in place to reduce risk. They also keep all tenants in separate silos to avoid any sideways movement in the event of an incident. Finally, while ThreatAware does offer remediation direct from their platform, they have been careful to reduce risk by ensuring any advanced remediation still needs to be triggered from the 3rd party vendor portal, and to prevent editing of API calls by ensuring 3rd party systems only accept exact API calls.
In terms of vulnerability management, are you dependent on a 3rd party vulnerability manager like Tenable being used, or does ThreatAware do patching natively?
Patching is not something ThreatAware does itself. However, ThreatAware support various RMM tools such as Action1 or others, and they also support Heimdal Security, which does patch management. You are also able to use Tenable or Qualys and then integrate with those systems through ThreatAware.
Do integrations like M365 have to be set up per tenant?
Yes, you need to set up each tenant, since they are all kept separate and because you will need to enable ThreatAware within the M365 tenant to collect information.
Does this support multiple customers in a single pane of glass?
Yes, it does, but at the dashboard level; if you want to dive into inventory or assets, you need to do so by going into the end user tenant within ThreatAware.
Can the asset/status data captured by ThreatAware be exported/consumed by other systems...? Is there an API?
Yes, it can. ThreatAware are able to serve data to other systems on a case-by-case basis, so if this is a requirement for you, please let us know.
If a customer already has some of this data from sources aggregated in a SIEM, e.g., Sentinel, would you see ThreatAware as a replacement for the SIEM or as complementary?
This is very much a complementary solution to SIEM.
If I was a Director, IT or otherwise, can I export and present management report summaries showing trending and how well the investment is doing with the MSP?
Yes, ThreatAware generates high-level reports that can be used to highlight an end user’s security posture to management. These reports can also be scheduled.
Are there email alerts etc.? Can alerts be categorised and grouped so that critical warnings will be sent client wide for the client base?
Yes, alerts can be set up and configured. Admittedly, this is something that is being improved right now, but the goal is to allow partners to set alert levels for different solutions, so you are alerted to the major threats as soon as they are seen in the system.
Are there any "essential" sources e.g., must be an identity service and an AV for each customer to get real value from ThreatAware?
Typically, ThreatAware suggest 5 integrations, but it entirely depends on the MSP security stack.
What services are ThreatAware integrated with?
You can find the full (and growing) list here.