Collaborative threat intelligence platform from ThreatConnect
ThreatConnect launched the ThreatConnect Platform, a combination of analytical tools that assist in finding and analyzing threat indicators and community-based sharing features that enable communication and collaboration on emerging threats.
Core to the platform are ThreatConnect Communities which allow organizations to participate in social networking-type exchanges within broad customer, industry specific, and privately created communities. This core feature allows organizations to control who sees their information and the flexibility to participate in communities on topics of interest.
Social media-type feeds allow users to see the latest posts about advanced threats, drill into the technical details where they can add their own analysis for the community, and export into their on-site cyber security products. ThreatConnect supports both attributable (named) or anonymous sharing, so organizations have the ability to protect their privacy while still engaging with the community and sharing incident data.
ThreatConnect is a cloud-based service which allows for access after an identity verification process. However, ThreatConnect is also available as a private cloud version for selected customer groups, or can be deployed on-premise. ThreatConnect’s three month open pilot included more than 750 users, dozens of Fortune 500 and Fortune 1000 companies, and many small to medium sized businesses.
ThreatConnect’s offering includes an Intelligence Research Team (TCIRT) that is continually discovering and analyzing threat information. The team actively monitors numerous threat groups worldwide. These groups include major nation-state hacking groups responsible for attacks on the New York Times and major media outlets, critical infrastructure such as energy and power, and large financial institutions. The TCIRT participates in ThreatConnect’s moderated communities, contributing their latest research and playing a supporting role on challenging issues.
“TCIRT is there when expert researchers hit a wall, or when a business doesn’t have the requisite skill set in-house to conduct their own analysis. People can think of TCIRT as their own personal threat intelligence capability, available when you need it, and without the significant expense that comes from having this as an organic capability,” according to Richard Barger, TCIRT Director and Cyber Squared’s Chief Intelligence Officer.
The analysis capabilities of ThreatConnect enable users to compare suspicious data within their networks to what the community is seeing, thus assisting in determining the level of danger posed by this activity. The platform tracks advanced cyber threats and maintains history, so that organizations know where threats are today and where they may go tomorrow.