Read insights, thought leadership, and platform updates.

We’ve Hit the Tipping Point in Cyber Defense – Here’s the Fix
The attack surface is expanding, burnout is climbing, and executive–security alignment is nigh. The Intel Hub turns that alignment into action. For years, cybersecurity teams have fought an asymmetric battle. Threat actors only need to succeed once. Defenders must succeed every time. But the rules of this game have changed – and the gap between […]

Native Domain Abuse Alerting – Informing Threat Ops: ThreatConnect’s DomainThrasher
Typosquatting is a sneaky tactic where bad actors register misspelled versions of popular domain names—think amazn.com instead of amazon.com—to hijack traffic, mislead users, or even steal personal information. Every mistyped domain or accidental click that lands on a fake site instead of yours is a potential risk. In today’s threat landscape, protecting your brand means […]

ThreatConnect’s FedRAMP Authorization: A Landmark Achievement in Security and Collaboration
The road to achieving FedRAMP Authorization is not an easy one. It’s a rigorous process that requires time, effort, and unwavering dedication to security and compliance. At ThreatConnect, we have recently announced that we have reached this milestone, a testament to our commitment to providing robust cybersecurity solutions that meet the highest government standards. The […]

Visit the ThreatConnect Museum of Cyber Defense Past and Future
Ancient wisdom tells us that we must learn from the past to better adapt to what lies ahead. To survive and thrive in the future threat landscape, we must discard artifacts of the past and embrace a more evolved future. That’s why at RSAC this year, the ThreatConnect team opened the ThreatConnect Museum of Cyber […]

Tips & Tricks to Get the Most out of RSAC 2025
By now, you’ve probably purchased your passes. Your flight is booked. Your supply of business cards sits at the ready. What more is there to do in preparation for RSAC 2025, taking place from April 28 to May 1 at the Moscone Center in San Francisco? Possibly quite a lot! That’s because when it comes […]

Introducing the ThreatConnect Threat Intelligence Operations Buyers Guide
I’m excited to announce the release of ThreatConnect’s Threat Intelligence Operations Buyers Guide. The need for this type of guide is critical as the adoption of cyber threat intel (CTI) grows, and cybersecurity teams starting this journey need an understanding of what is required to implement and grow a TI Ops function. I continue to […]

Infrastructure Research and Hunting: Boiling the Domain Ocean
The Diamond Model of Intrusion Analysis identifies two main nodes as actor assets that may ultimately interact with a target / victim’s own assets — capabilities and infrastructure. But while “exploitation” is usually considered something the adversary does, it works both ways as threat intelligence researchers and defenders in general can exploit the discoverable characteristics […]

Integrations Aren’t Just for Developers
Introduction: Security Orchestration, Automation and Response (SOAR) platforms gain a lot of strength from the technologies they have in place to enable integrations and the quality of those integrations. As a SOAR vendor, building integrations internally results in high-quality solutions for our customers but it’s not the only way to make those integrations happen. With […]

Can a BEAR Fit Down a Rabbit Hole?
ThreatConnect Identifies Infrastructure Nexus Between Attacks Against State Election Boards and Spearphishing Campaign Against Turkish, Ukrainian Governments. The question on everyone’s mind: Who is behind the recently reported compromises of Arizona and Illinois’ state board of elections (SBOE)? The answer is, we don’t know. When we reviewed FBI […]

Does a BEAR Leak in the Woods?
Identifies DCLeaks As Another Russian-backed Influence Outlet. Read the full series of ThreatConnect posts following the DNC Breach: “Rebooting Watergate: Tapping into the Democratic National Committee”, “Shiny Object? Guccifer 2.0 and the DNC Breach”, “What’s in a Name Server?”, “Guccifer 2.0: the Man, the Myth, the Legend?”, “Guccifer 2.0: All Roads Lead to Russia”, “FANCY BEAR […]

The Best Threat Intelligence Feeds
“What are the best, most important threat intelligence feeds that I should integrate into my security operations?” What Feeds Me, Destroys Me: Seriously, every time I get this question a little part of me dies. My left eye begins to twitch. This wave of heat rises up from my belly, and I feel it in […]