“Legacy approaches to threat intelligence are no longer sufficient to protect the enterprise in a world of an expanding attack surface and increasing velocity and sophistication of threats,” said Andrew Pendergast, EVP of Product at ThreatConnect. “Security operations must modernize by adopting a new approach that puts threat intelligence at the core of everything – aggregating TI from multiple sources, prioritizing the most dangerous threats, and taking timely action so security programs can be strategic and proactive.”
The ThreatConnect Platform enables organizations to achieve alignment between security operations and the critical risks to the business as well as better security efficiencies and greater effectiveness, including faster time to mitigate critical vulnerabilities and faster mean time to detect (MTTD) and respond (MTTR) to threats. In a recent survey of ThreatConnect customers, more than 68% of respondents said that the product helped them improve their MTTR by more than 50%. In the same survey, 95% of respondents noted that ThreatConnect enabled them to get more value from their existing security tools such as SIEM, XDR, and SOAR.
Customers can now go beyond just managing threat intel to operationalizing it and fusing it across every part of your security program, from threat investigation to incident response to vulnerability management.
ML-Powered Global Intelligence and Analytics with CAL™ v3.0
With the introduction of a native natural language processing (NLP) to the ThreatConnect Platform now automates many analyst activities saving them time and effort. CAL™ now has the ability to understand MITRE ATT&CK techniques. This capability underpins the new CAL™Automated Threat Library (ATL) intelligence. Analysts no longer need to visit dozens of blogs and news sources every day, analyzing the sources for indicators, threat actors, and ATT&CK techniques, and copying and pasting relevant intel. CAL™ ATL automatically aggregates, enriches, scores,analyzes, and filters more than 60 top threat intel-related news sources into an intel feed ready to be used in the ThreatConnect Platform with more sources being added all the time.
Native Reporting Engine
The CISO down to security analysts need timely and relevant information and insights to make strategic, tactical, and operational decisions. With ThreatConnect’s native Reporting engine, customers can easily create custom reports to put actionable information in front of the right people at the right time to improve defenses. With this new capability, users can create reports directly in the Platform using the built-in report editor, saving time and effort by leveraging the intelligence already aggregated and built from your threat library in ThreatConnect with powerful graphs, charts, and free form text..
Built-in Enrichment with our top enrichment provider partners automates and streamlines the process of adding context to Indicators of Compromise. Users will have a simple, plug-and-play experience to have the most common enrichment providers set up throughout the ThreatConnect platform, helping them to identify false positives, and to pull out actionable intelligence to improve detection efficacy and speed up threat response.
ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations’ most critical assets.