03.29.18

When You're a Platform, Everything Else is a Tool

in | by Adam Vincent

Use a Platform to adapt to the changing threat landscape and your evolving security organization

I am a computer scientist and purist when it comes to the vocabulary I use in technical discussions. Often (almost daily it feels like) I find myself talking about the difference between tools and platforms.  

Tools are designed based on predefined requirements and are meant to fulfill the need to which they were designed. Conversely, platforms are designed to enable the continuous design and build process to take place by people outside of the company that built the underlying platform. For example, your smartphone and computer are platforms while your pen is a tool. Even a really impressive pen with multiple ink colors…is still a pen.

 

storing-data-api-threatconnect

 

 

 Storing Data and making it available via an API does NOT make you a platform!

 

 

 

 

 

The ThreatConnect Platform was designed to allow the underlying data model to be extended without development. Developers need the ability to update the data model to account for their own unique use-cases. This provides the ability to quickly and simply integrate with existing products and to bring together multiple disparate datasets for normalization, correlation, and analysis. Integrations with the underlying data model are made possible through multiple APIs that may facilitate data transfer and/or command and control with external systems.  

 

sdk-api-data-model-threatconnect

 

 

Having a SDK that allows a developer to more easily integrate with your API does NOT make you a platform!  

 

 

 

 

 

The ThreatConnect Platform includes Software Development Kits (SDKs) for Python, Java, and JavaScript/TypeScript. SDKs increase accessibility by abstracting APIs and the complexity of building Apps for ThreatConnect into a general purpose language. For example, the SDK allows Apps to be developed that leverage the entire ThreatConnect data model as well as critical Logging, Keychain, Notification, DataStore, ThreatConnect Query Language (TQL), and Metrics functions of the underlying platform.

 

applications-threatconnect

 

Applications or Apps – Now we start getting into a place where your software might be a platform.  Most important Question – Can your customers, partners, friends, and family build on top of your software? If Yes – Hurray, You are probably a platform and if No – You are NOT a platform, and likely a “tool” for thinking you were.  

 

 

 

 

 

The ThreatConnect Platform allows anyone to build and run their own Apps that increase ThreatConnect’s capabilities by connecting to other external systems and to ThreatConnect APIs. This allows the platform to be enhanced AFTER it has been deployed. Apps take advantage of the default ThreatConnect horizontally and vertically scalable, messaging-driven architecture.  

 

apps-playbooks-sdk-api-threatconnect

 

 

 

 

Is the only way to extend a platform to write code? No, with playbooks or similar designer and runtime capabilities, you can extend the platform based on your own ideas and do so without needing to be a developer.

 

 

 

 

 

The ThreatConnect Platform’s Playbooks capability allows a sequence of automated or human tasks, arranged as a process, to be configured as a playbook, executed to incorporate automated analytics or human workflows, and measured to support continuous improvement. The processes playbooks, dashboards, and apps can be shared, and utilized by anyone in the ThreatConnect community.

The ThreatConnect Platform was built to adapt to a changing landscape of threats and an evolving security organization and marketplace.  

Over the last 7 years, we built a platform vs. a tool because only one thing is certain in security – change is inevitable.

Adam Vincent
About the Author
Adam Vincent

Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, four children, and dog.

Share

Related Posts

  1. Is Your Threat Intelligence Platform Just a Tool?
  2. What’s in a Platform?
  3. Share The Love: Using ThreatConnect as a Threat Intelligence Sharing Platform for ISACs, ISAOs, and their Members

Subscribe

Interested in learning more about how ThreatConnect can help unite your security team and protect your enterprise?

Contact Us
Follow a manual added link
tc-logo
Request a Demo Login
USA HQ

3865 Wilson Blvd.
Suite 550
Arlington, VA 22203
Directions

Toll Free: +1.800.965.2708
Local: +1.703.229.4240
Fax: +1.703.229.4489

Solution

By Industry
By Role
By Need
How to Buy

Company

About
Leadership
Methodology
Research Team
Careers

Learning Portal

Learn More
Knowledge Base
Github Repository

UK Office

15 Bishiopsgate
London, EC2N 3AR
United Kingdom

Tel: +44 20 7936 9101

Learn

Blog
Resources
News
Events

Contact

Sales
Support
PR
Training

Romania Office

Bloc F, Etaj 1
The Office
Buleverdul 21 Decembrie 1989
400124
Cluj Napoca
Romania

©2012- 2021 ThreatConnect, Inc. All Rights Reserved

Privacy Policy | Sitemap | Terms of Service