Limiting Operational Impact in a COVID-World

Today’s normal looks decidedly different from what we knew 6 months ago. The world, along with our professional and personal lives, changed tremendously during the first half of 2020, and it continues to do so. Within your organizations, many of you have been asked to do more with less. During this time budgets took a hit, and companies tightened their expenses to prepare for a future that no one can predict. As the global COVID pandemic set in, many customers were left scrambling to understand how their organizations were impacted and targeted by adversaries looking to take advantage of the global crisis.

In March, our Customer Success team took notice of the uptick in COVID-related attacks. As part of our Playbook Friday Blog series, we provided a COVID-19 Dashboard that gave customers a ready-made system Dashboard as well as instructions for building their own.

COVID-19 Dashboard


As the leader of Customer Success at ThreatConnect, I can assure you that our number one priority is helping customers get as much value as possible from the Platform and ensuring that their Return on Investment (ROI) is maximized. Creating these Dashboards not only got our customers up and running quickly, it also let us deliver relevant and timely resources to them based on the sources they utilize. This gave customers the capability to efficiently send COVID-19 related data to any integrated devices, such as a Security Information and Event Management (SIEM) system. Analysts could easily look at the Dashboards and see the number of COVID-19 related Incidents, documents, reports and infrastructure being reported. Several customers used this information to update executive leadership and provide insight into how ThreatConnect was automating the process: aggregating data feeds, normalizing data from disparate sources to the ThreatConnect data model, and then pushing the data to any integrated devices based on pre-defined criteria (tags, data feeds, date and time reported, etc.).

Leadership is consistently looking for proactive actions taken by their security team to protect the security posture of the environment and its assets. Capitalizing on automated processes and pre-populated Dashboards enabled our customers to do this with little to no effort. Both the ThreatConnect Research and Customer Success teams were invested in ensuring our customers were able to get immediate value from the Dashboards and CAL Feeds within days of the global shutdown.

CAL Feed


Several customers reported back to our Customer Success team that, based on the new COVID-19 Dashboard and CAL Feeds, they were easily able to identify several incidents within their environment. Furthermore, utilizing the CAL Feed allowed tens of thousands of newly registered domains to be pared down to about 50 domains a day. This ultimately let customers focus on high-fidelity domains rather than guessing which domains to look at. Being more efficient and concise during the identification phase of an investigation helps a customer recognize time to value and return on investment in parallel.

The work put in behind the scenes by Customer Success allowed customers to expedite the usage of COVID-19 Dashboards while limiting the operational impact and potential risk to their security operations. Our team will continue to strive to provide value to our customers so they can get the most out of their investment and our partnership.



Jody Caldwell
About the Author

Jody Caldwell is the Senior Director of Customer Success for ThreatConnect. Previously, he spent time in both the DoD and the Intelligence Community working with Network Security Operations Centers (NSOCs) and Computer Emergency Response Teams (CERTs) in a variety of positions that include cyber threat analysis and leading cyber threat hunt teams. Jody is passionate about working with customers to strengthen security programs and leverage cyber threat intelligence to enhance their awareness while mitigating risks. Jody lives in Charleston, SC and enjoys boating and golfing.