Use a Platform to adapt to the changing threat landscape and your evolving security organization
I am a computer scientist and purist when it comes to the vocabulary I use in technical discussions. Often (almost daily it feels like) I find myself talking about the difference between tools and platforms.
Tools are designed based on predefined requirements and are meant to fulfill the need for which they were designed. Conversely, platforms are designed to enable the continuous design and build process to take place by people outside of the company that built the underlying platform. For example, your smartphone and computer are platforms while your pen is a tool. Even a really impressive pen with multiple ink colors… is still a pen.
Storing data and making it available via an API does NOT make you a platform!
The ThreatConnect Platform was designed to allow the underlying data model to be extended without development. Developers need the ability to update the data model to account for their own unique use-cases. This provides the ability to quickly and simply integrate with existing products and to bring together multiple disparate datasets for normalization, correlation, and analysis. Integrations with the underlying data model are made possible through multiple APIs that may facilitate data transfer and/or command and control with external systems.
Having an SDK that allows a developer to more easily integrate with your API does NOT make you a platform!
The ThreatConnect Platform includes Software Development Kits (SDKs) for Python, Java, and JavaScript/TypeScript. SDKs increase accessibility by abstracting APIs and the complexity of building Apps for ThreatConnect into a general-purpose language. For example, the SDK allows Apps to be developed that leverage the entire ThreatConnect data model as well as critical Logging, Keychain, Notification, DataStore, ThreatConnect Query Language (TQL), and Metrics functions of the underlying platform.
Applications or Apps: now we start getting into a place where your software might be a platform. The most important question: can your customers, partners, friends, and family build on top of your software? If yes, hurray, you are probably a platform. If no, you are NOT a platform, and likely a “tool” for thinking you were.
The ThreatConnect Platform allows anyone to build and run their own Apps that increase ThreatConnect’s capabilities by connecting to other external systems and to ThreatConnect APIs. This allows the platform to be enhanced AFTER it has been deployed. Apps take advantage of ThreatConnect’s default horizontally and vertically scalable, messaging-driven architecture.
Is the only way to extend a platform to write code? No. With playbooks or similar designer and runtime capabilities, you can extend the platform based on your own ideas and do so without needing to be a developer.
The ThreatConnect Platform’s Playbooks capability allows a sequence of automated or human tasks, arranged as a process, to be configured as a playbook, executed to incorporate automated analytics or human workflows, and measured to support continuous improvement. The processes, playbooks, dashboards, and apps can be shared and utilized by anyone in the ThreatConnect community.
The ThreatConnect Platform was built to adapt to a changing landscape of threats and an evolving security organization and marketplace.
Over the last 7 years, we built a platform vs. a tool because only one thing is certain in security – change is inevitable.