Posted
This is the third in a series of blog posts about how organizations are utilizing the ThreatConnect platform. We’re going to share stories of how customers just like you have transformed their security programs using ThreatConnect, in particular, creating a cybersecurity system of record. In order to keep our customers secure, will be using pseudonyms instead of the real organization names.
Introducing Customer C
Customer C is a Global 100 law firm based in New York City, who we will call Pearson Specter Litt. They have a large IT department, but only one IT specialist who is responsible for network security – let’s call him Benjamin. Benjamin’s main motivations include protecting his firm’s network from targeted attacks and large bags of bacon. Just last year, Pearson Specter Litt started a dedicated cybersecurity and information security effort, which is led by Benjamin. They’ve recently invested in a SIEM and are subscribed to a few blacklist feeds.
Pearson Specter Litt began to run into problems as they expanded their information security program. They found that they didn’t have a reliable way to ingest large volumes of threat data. Even if Benjamin could do that, he had no way of prioritizing their data, or figuring out what parts of each of their feeds actually matters to the security of the firm.
Once Pearson Specter Litt implemented ThreatConnect, Benjamin was able to:
Collect all of their data in one central place
Using ThreatConnect’s Open API (application programming interface), Benjamin was able to put all of their threat feeds, as well as their SIEM data, in one place – the ThreatConnect platform. ThreatConnect automatically correlates, normalizes, and aggregates all of the firm’s data, preventing Benjamin from spending hours of time manually copying and pasting data into a central spreadsheet.
Prioritize their threat data
When Benjamin put all of their data in one place, he knew they also needed to start making sense of it. He learned that their data sources were not of equal value – some were more valuable than others; some full of false positives. By using ThreatConnect, he is now able to start rating their sources by quality, relevance, and accuracy. The platform has a built-in rating scale, false positive tagging, and also tracks how often a particular indicator is observed in the network. Now, Benjamin can focus his time on the firm’s real threats.
Create a cybersecurity system of record
Benjamin can now aggregate and store all of the firm’s vetted and prioritized data in the platform. ThreatConnect also started to memorialize the processes he used, so that he could easily repeat them later. With everything stored in the platform, Benjamin has started to build a system of record for the Pearson Specter Litt security program. He is now able to look at what has been seen in their network before, how it was handled, and can make more informed decision about how to proceed.