Offense Wins Games, Defense Wins Super Bowls

Super Bowl Champions: How Threat Intelligence Platforms Create Winning Teams

For those of you who have visited ThreatConnect’s offices, you know that office conversations tend to focus on one of two things: threat intelligence or Star Wars. However, during the fall and winter months, you will hear a different topic of conversation – football. Although football and threat intelligence platforms do not generally go hand in hand, the current Super Bowl excitement has led us to connect the two. What makes a true threat intelligence platform can be hard to understand if you’re not sure where to start. A threat intelligence platform can be explained simply – it is just like football. Stay with me, I can explain…

As Super Bowl 50 approaches, there has been quite a bit of buzz around our office about Super Bowls both past and present. And, of course, when discussing past Super Bowls, Patriots fans and other football fans who strongly dislike the Patriots get to debating. As it turns out, last year’s game-winning play by the Patriots can apply to a threat intelligence practice. For those of you who don’t remember, here’s a quick summary: With 20 seconds left in Super Bowl XLIX, Malcolm Butler, an undrafted New England Patriots rookie, intercepted an attempted pass to the Seattle Seahawks’ Ricardo Lockette at the goal line. This returned possession to the Patriots, ultimately solidifying their Super Bowl victory.



The Patriots’ Director of Football Research, Ernie Adams, conducted countless hours of research on the Seahawks to determine what plays would put the Patriots in the best position to win. He is even recorded saying, “You are going to win or lose games at practice, because you’re seasoned, you’re trained, you’ve seen it, you can react to make the play.” Patriots defensive coordinator Matt Patricia prepared his team well and ran the exact play described above with multiple players during practice. Because of the intense preparation, Butler anticipated the pick and was able to make the interception.

As in football, ThreatConnect’s Threat Intelligence Platform (TIP) allows you to review your adversaries’ ‘game footage’ by analyzing threats to your network and enriching your threat data with indicators. ThreatConnect features in-platform visualization of threat intelligence through our dashboards and visualization app. Indicators can be automatically enriched through our third-party integration apps, giving you even more context about threats. Once you are able to view and analyze all of your data in one place, you can put together your own threat intelligence ‘playbook’, or strategy, and implement it against your adversary.

The more you know about your opponent, the more likely you are to get that game-winning interception. Just like in football, the more you know about your adversary, the more likely you are to intercept their malicious intentions before they are completed.




The Patriots practiced every possible scenario together before Super Bowl XLIX. Patriots receiver Brian Tyms spoke with the Boston Globe and said, “Everybody gets a chance in practice… So when somebody goes down, there’s no ifs, ands, or buts about it. Everybody’s ready.” Cornerback Brandon Browner and linebacker Jonathan Casillas also praised Butler for his skills in practice and his instinct in the game. If Butler did not play well with his team, and they did not hold him accountable for his actions, they would have never won another Super Bowl ring.

A TIP’s success is based on this same principle. Everyone from the CISO to the analysts can work together to best protect the organization from threats. Through ThreatConnect’s new dashboard, you can quickly see your team’s to-do list and characterize your intelligence sources in one quick view. You can ‘practice’ together, and constantly be aware of what you and your team are responsible for. ThreatConnect’s strong in-platform task deadline management holds the whole team accountable, enabling them to succeed together.



During Super Bowl XLIX, the Seahawks were on the Patriots’ one-yard line with only one minute left in the game. As the clock ticked down, many people would have called for a timeout – but the Patriots coach Bill Belichick decided not to. The Seahawks sent out their three-receiver offense at the same time the Patriots put in their goal-line defense. Belichick believed that his defense was in the best possible position. However, his defense was able to customize the play, in real time, to adjust to the situation and decided to continue the game with no timeout. It was then that Malcolm Butler made his game-winning interception.

Just like a football team, a threat intelligence platform enables ‘wins’, or threat detection, through the power of its customization. In a true TIP, you will be able to build and host your apps within the platform itself. You can both build apps using ThreatConnect’s powerful JavaScript software development kit and host those apps in one central environment called ThreatConnect Spaces. Just like football coaches tailor their plays based on the particular situation, threat intelligence teams can tailor the platform to be exactly what they need to win.


We’re going to Disneyland!

Finally, a football team measures success just like threat intelligence platforms – by return on investment (ROI). A football team is constantly evaluating and measuring what is best for their franchise. Throughout the season, coaches and coordinators will adjust the plays based on player capabilities and on the opponent. Coaches may change how the team practices, and players may train harder to improve their own performance.

All season, the Patriots constantly measured and adjusted their ‘investments’ – the players. With each game, the coaches and players adjusted how they practiced and how they played. If it were not for the intense preparation, Malcolm Butler would have never been able to anticipate the pass to Ricardo Lockette. Although Butler made the play and clinched the Patriots’ victory, the victory benefitted the entire team. From the players getting to take the coveted champions’ trip to Disneyland all the way to the fans who get bragging rights for the year, a Super Bowl victory is the ultimate ROI for an NFL franchise.


Unlike football, TIPs did not previously have a concrete way to measure the ROI of their intelligence sources. You can now get insight into the quality, relevance, and accuracy of your sources through ThreatConnect’s ROI for Intel features. Once you have differentiated your sources, you will know what intelligence sources are best for your organization, allowing you to invest your organization’s time and money effectively and efficiently. Once you have established what is best for your organization, you will be in the best possible position to ‘win’ – to catch your adversaries.



Every football player, young or old, wants to play for the best franchise or team in their league. They have the best resources and provide the best opportunities to be successful. A great TIP is like that – it has better opportunities for everyone and empowers everyone in the organization to do his or her job better. Whether you are looking to catch an elusive adversary or get a Super Bowl ring, teamwork, customization, ROI, and a great playbook are the keys to your success.


About the Author
Adam Vincent

Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, four children, and dog.