Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

Community Powered Insight Gives Defenders the Advantage

ThreatConnect cal (collective analytics layer) enhance intelligence with global context

Leveraging Automation and the Cloud to Improve Cyber Response

Threats are moving faster than ever in today’s cyber threat environment. A timely and impactful response to an ongoing cyberattack is critical. Yet, still, today, many companies cannot detect any potentially malicious activity, especially in the early phases of an attack. Most companies are just outnumbered by well-funded and experienced threat actors, and find it difficult to maintain pace with the ongoing barrage of threats.

Crowdsourcing has emerged to help address the huge imbalance between threat actors and defenders. In industries like penetration testing (pentest), talent is regularly sourced for a variety of pentest missions. Over the past years, many organizations have been created to help cybersecurity professionals collaborate and share data. These organizations allow members to share cyber threat information within this community with other trusted members. The goal is to identify and leverage actionable intelligence faster to identify and stop threats faster. 

ThreatConnect has re-imagined the concept of crowdsourced security within the  CAL™ (Collective Analytics Layer) of the ThreatConnect® Platform. The initial vision was to use technology to improve the speed and widespread sharing of critical threat information among the cybersecurity professionals that participate. The ThreatConnect Platform already helps you identify threats with your own data. Now, with CAL, ThreatConnect provides an anonymous yet highly connected community a way to learn how many times potential threats have been identified across all participating platform instances. CAL brings a game changing increase in both visibility and speed to your SOC. 

How Does CAL Work?

ThreatConnect’s CAL™ provides a way to learn how widespread and relevant a threat is by anonymously leveraging the multitude of data points from the many thousands of analysts that use the ThreatConnect Platform. CAL does this by combining data from the many billions of indicators collected from open and proprietary data sources. CAL then applies analytics to find the critical and meaningful connections and then identifies this through the in-platform scoring of the ThreatConnect Platform’s ThreatAssess. This reputation analysis defines and presents the urgency and criticality of each indicator of compromise (IOC). This is done on a single numeric scale to more intuitively and effectively prioritize decision-making.

CAL and the ThreatConnect Platform have empowered the crowd, and the crowd can now begin to outpace the attackers. The power of the ThreatConnect Platform is multiplied by using both orchestration and threat intelligence from the multitude of sources, including the CAL community, to move faster and more decisively to identify and defeat new threats. 

CAL Provides Many Benefits

CAL brings many other benefits for your team. CAL helps your team prioritize IOCs to reduce common alert fatigue. CAL’s analytics help maximize efficiency by removing low (or no!) priority IOCs from your system. The benefits include less alert fatigue and less time wasted on false positives. CAL saves around 500,000,000 false alerts a month across our ecosystem. Your workflow will run faster, and the overall performance of your security information and event manager (SIEM) will improve.

CAL brings other important benefits to you. CAL report cards let you know how your existing open source feeds are performing on a comparative basis. You can also see which sources provide IOCs relevant to your organization that other sources cannot, as well as compare unique IOC counts.

One of the most significant goals is to move your team from a reactive to a more proactive response. CAL Feeds help accomplish this task by identifying potentially critical areas of insight for follow-up investigation by your team. CAL datasets and analytics also enable your team to proactively identify productive hunting ground targets.

Learn More

To learn more about how CAL has re-imagined and automated the concept of crowdsourced security, please reach out to us via /contact/, and we’ll be pleased to share a demonstration of the ThreatConnect Platform. You can also find more information about CAL here on our website.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.