Securonix and Criminal IP Forge Alliance for Proactive Threat Defense

📊 Key Data
  • Criminal IP's platform scans the global internet to provide exposure-based intelligence, offering rich contextual data such as maliciousness scoring, VPN/proxy detection, and open port data.
  • The integration automates threat intelligence enrichment at scale, reducing manual analyst effort and improving threat prioritization accuracy.
  • Criminal IP operates in over 150 countries, demonstrating its global presence and market validation.
🎯 Expert Consensus

Experts would likely conclude that this partnership represents a significant advancement in proactive threat defense, combining exposure-based intelligence with SIEM capabilities to enhance real-time threat detection and response efficiency.

TORRANCE, CA – May 01, 2026 – In a move set to enhance threat intelligence capabilities for security teams, Securonix has announced a strategic partnership with Criminal IP. The collaboration integrates Criminal IP's specialized threat intelligence directly into the Securonix ThreatQ platform, with the aim of providing organizations with real-time, exposure-based context to accelerate threat detection and response.

This partnership combines Securonix's established leadership in the Security Information and Event Management (SIEM) space with Criminal IP's innovative, AI-driven approach to tracking malicious internet infrastructure. By embedding external IP intelligence into existing security workflows, the integration aims to reduce manual analyst effort, improve the accuracy of threat prioritization, and provide a more holistic view of an organization's attack surface.

A New Paradigm in Threat Intelligence

The collaboration signals a significant shift in the cybersecurity landscape, moving beyond traditional, reactive threat intelligence models. For years, security operations centers (SOCs) have relied heavily on indicator-based feeds, which primarily list known malicious IP addresses, domains, and file hashes. While useful, this approach is often retrospective, identifying threats only after they have been observed in the wild.

Criminal IP, operated by AI SPERA, represents a more proactive paradigm focused on exposure-based intelligence. Instead of just flagging known bad actors, the platform continuously scans the global internet to understand how assets and infrastructure are exposed. This provides a unique, attacker-centric view of the threat landscape. The data provided goes far beyond a simple blocklist, offering rich contextual information such as maliciousness scoring, VPN and proxy detection, open port data, and associated vulnerabilities. This approach helps organizations understand not just if an IP address is a threat, but why it is a threat and what specific risks it poses.

This shift toward exposure management is a critical trend in an era of expanding digital footprints. As organizations move to the cloud and embrace remote work, their attack surfaces become more complex and difficult to monitor. By providing visibility into internet-facing assets and their potential weaknesses, exposure-based intelligence allows security teams to identify and mitigate risks before they can be exploited, moving from a reactive posture to a proactive one.

Automated Enrichment and Streamlined Investigations

A core benefit of the new integration is the automation of threat intelligence enrichment at scale. Within the unified ThreatQ environment, Criminal IP's APIs will automatically augment incoming IP indicators with its detailed contextual data. This process is orchestrated by ThreatQ's data-driven engine, which can be configured to run automated workflows that continuously evaluate new indicators against Criminal IP's vast and constantly updated database.

For security analysts, this integration promises a significant boost in efficiency and effectiveness. The ability to access Criminal IP's intelligence directly within the ThreatQ interface eliminates the need to switch between different tools during an investigation, a common source of friction and delay in many SOCs. Analysts can perform on-demand lookups from indicator detail views or investigation boards, gaining immediate access to crucial context when it is needed most.

This unified workspace enables real-time validation of suspicious IP activity. By combining exposure data with infrastructure-level insights, security teams can assess risk more effectively. Furthermore, the integration enhances ThreatQ’s investigation graph, a powerful visualization tool that helps analysts uncover hidden relationships between IP addresses, associated infrastructure, and broader attack campaigns. This capability is crucial for understanding the full scope of a threat and identifying patterns that might otherwise go unnoticed.

A Strategic Alliance in a Competitive Market

This partnership is a strategic maneuver for both companies within the highly competitive cybersecurity market. Securonix, consistently recognized as a Leader in Gartner's Magic Quadrant for SIEM, faces intense competition from industry giants like Splunk and Microsoft. The company has differentiated itself with its analytics-driven, cloud-native Unified Defense SIEM platform and its 2025 acquisition of ThreatQuotient. Integrating Criminal IP's unique exposure-based intelligence provides Securonix with a distinct competitive advantage, enriching its platform with a data source that many traditional SIEMs lack, thereby enhancing its ability to deliver on the promise of reduced false positives and more accurate threat detection.

For Criminal IP, a fast-growing innovator in the threat intelligence space, the partnership is a major validation. Having secured a Series B funding round in 2024 and established a global presence with clients in over 150 countries, integrating with a leading SIEM provider like Securonix significantly expands its market reach. It demonstrates the practical, operational value of its intelligence, moving it from a specialized lookup tool to a core component of an enterprise-grade security operations workflow. This follows a pattern of successful integrations with major platforms like VirusTotal, Tenable, and availability on cloud marketplaces including AWS and Microsoft Azure.

The collaboration highlights a broader industry trend: the move towards creating integrated security ecosystems through strategic alliances. Rather than attempting to build every capability in-house, companies are partnering to combine best-of-breed solutions, offering customers more comprehensive and effective protection.

Intelligence-Driven Prioritization and Response

By feeding Criminal IP’s rich data into ThreatQ’s scoring framework, organizations can more accurately align risk evaluation with their specific operational needs and threat models. This enables more precise prioritization, ensuring that security teams focus their limited resources on the most critical alerts first. The enriched data can also be visualized through custom dashboards, offering security leaders clearer visibility into maliciousness trends, the use of anonymizing services like VPNs, and the overall risk distribution across their environment.

“This integration enables organizations to bring IP reputation and exposure intelligence directly into the ThreatQ platform, supporting faster analysis and more effective response throughout the investigation lifecycle,” said Byungtak Kang, CEO of Criminal IP. “By integrating our intelligence into existing workflows, security teams can improve visibility and make more informed decisions without adding operational complexity.”

This sentiment was echoed by Securonix leadership. “This collaboration strengthens the role of IP intelligence at critical points of investigation and decision-making,” said Scott Sampson, Chief Revenue Officer at Securonix. “By combining ThreatQ’s orchestration and prioritization capabilities with Criminal IP’s real-time threat data, organizations can accelerate enrichment processes, reduce manual workloads, and focus on the most relevant threats within their environment.”

Ultimately, the partnership between Criminal IP and Securonix empowers security teams to operationalize threat intelligence more effectively, combining automated enrichment and sophisticated orchestration to build a more resilient and proactive defense against an ever-evolving threat landscape.
