Read insights, thought leadership, and platform updates.
Who’s Next: A look at CAL 2.6’s latest additions
We’re proud to announce the release of CAL 2.6, our latest addition to our Collective Analytics Layer’s feature set. As the latest in our ongoing quest to find the most interesting intelligence and deliver it to you, we’ve decided to incorporate some additional datasets in the form of WHOIS records, a partnership with Quad9, and even […]
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. Roundup Highlight: Ryuk. In this […]
SOC Series: Share with Your Friends in IR
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity helps you to see the story in your data without sacrificing thoroughness or speed. Incident Responders are often relegated to working in an environment where communication channels are compromised or non-existent. Real-time information of the environment is […]
SOC Series: Get More from SOAR
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity helps you to see the story in your data without sacrificing thoroughness or speed. Despite the power and promise of SOAR capabilities, the fact remains that operational impact awareness is still often left to humans. Just because one […]
ThreatConnect Research Roundup: Possible Ryuk Infrastructure
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. Roundup Highlight: Possible Ryuk Infrastructure […]
Caught in our Net
Using neural networks to identify algorithmically generated domains (AGDs). The problem with today’s generation: A while back, we released a new CAL Feed that leveraged our ability to detect domains that were generated via an algorithm. This is an interesting cohort of domains — they’re typically generated by machines and for machines. That alone makes […]
ThreatConnect and Check Point: Better Endpoint Protection
ThreatConnect has partnered with Check Point and built a Playbook App for our joint customers to leverage. With the addition of this new Playbook App, immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence. Check Point’s Unified Security Management gives you unified management control […]
How to Use Workflow to do Phishing Analysis Part 1 – Defining the Process
Workflow Refresher: Earlier this year, in ThreatConnect 6.0, we released a new feature called Workflow. This capability enables users to define and memorialize processes for teams across the security organization. With Workflow, analysts and supervisors can establish a set of tasks necessary to complete a given type of investigation and share it with others on […]
Research Roundup: Kimsuky Phishing Operations Putting in Work
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
SOC Series: Flawless Handoffs During Shift Change
Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts to deliver superhuman recall and contextual awareness. Whether a SOC operates 24×7, follows the sun, or hands off to a third party, it is critical that event analysis continues seamlessly across shifts and analysts. Critical actions […]
Get Context from MISP Warning Lists as You Work Using the Polarity Integration
Today’s post continues an ongoing series on Polarity Integrations. Data tells a story, Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day. With over 100 powerful integrations the Polarity open-source Integrations Library arms you with the right data at the right time to make informed decisions […]
Integrations Aren’t Just for Developers
Introduction: Security Orchestration, Automation and Response (SOAR) platforms gain a lot of strength from the technologies they have in place to enable integrations and the quality of those integrations. As a SOAR vendor, building integrations internally results in high-quality solutions for our customers but it’s not the only way to make those integrations happen. With […]