Read insights, thought leadership, and platform updates.
ThreatConnect and Maltego
ThreatConnect® has partnered with Malformity Labs LLC to develop a full transform set that allows for data from ThreatConnect to be integrated with the capabilities of Maltego. All ThreatConnect customers can take advantage of our partnership with Malformity Labs LLC and use the Maltego transform set through the ThreatConnect® API and a provided transform server. Customers […]
Threat Intelligence within the Risk Management Process
How Threat Intelligence fits within Risk Management. This is the second post in a series exploring the relationship of threat intelligence and risk management. If you missed the previous one, wherein I briefly explained why these two should get together, read that first. If you’re wondering what qualifies me to pontificate about managing risk, don’t worry; it’s on my […]
China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us
Executive Summary: In early July 2015, Chinese APT actors used an Adobe Flash Player exploit within a specific webpage detailing a noteworthy international legal case between the Philippines and China. This precedent-setting legal case would be followed by many Southeast Asian nations, as well as others around the globe. The exploit appeared on day […]
Threat Intelligence and Risk Management
Introduction to Threat Intelligence and Risk Management: Several of us at ThreatConnect attended the Gartner Security & Risk Management Summit last week, which, conveniently, took place right across the river from our home offices. I’m not sure if it’s the Summit, the summer, or something else, but I’ve been thinking quite a lot lately about […]
OPM Breach Analysis: Update
As highlighted in our recent webinar with Rick Holland, when there is a security event of great magnitude, organizational leadership will want to know as much as possible about the technical WHAT and HOW, as well as the WHO and the WHEN. In many cases, not all of these questions can be answered definitively; however, […]
OPM Breach Analysis
Back in February 2015, the ThreatConnect team conducted in-depth independent analysis of the Anthem breach, finding connections to amorphous Chinese APT activity. Although our primary concern at the time was with the malicious Wellpoint/Anthem and VAE, Inc. (a Federal contractor) command and control domains, we couldn’t help but notice a peculiar related OPM-themed domain, opm-learning[.]org. […]
Adversary Intelligence: Getting Behind the Keyboard
Arguably one of the most controversial subjects in Threat Intelligence currently is the topic of Attribution, or developing Adversary Intelligence. Industry pundits will debate attribution with a religious zeal, bashing each other with talking points for and against the position. Unfortunately, many newcomers to the debate, as well as experienced practitioners and consumers, are often caught […]
The Cost of Bad Threat Intelligence
The Cost of Bad (and Value of Good) Threat Intelligence. Written by Andy Pendergast, co-author of the Diamond Model for Intrusion Analysis. Earlier this week, Sergio Caltagirone published an article on his blog, highlighting the cost of bad threat intelligence. His points were valid. There is a very real risk in terms of lost time, […]
Threat Intelligence Sharing: Empower Your Cyber Defense
I am excited to see threat intelligence sharing is catching on as a way to empower cyber security defenders with timely, relevant, and actionable threat intelligence data. I believe, and I actually always have, in “crowd power”. Our Intelligence Research Team contributes daily to our ThreatConnect Communities. The team takes great pride in sharing with […]
What’s the RSA Conference About, Daddy?
Like many of my infosec brethren and sistren (yep; apparently it’s a word), I leave some sad kids behind every year as I make the annual pilgrimage to the RSA 2015 Conference. This year, my 8-year-old put me on the spot as I headed out the door by asking “what’s the RSA Conference […]
What the Verizon DBIR Says About Threat Intelligence Sharing
Before we get started on Verizon’s 2015 Data Breach Investigations Report (DBIR), let’s address the elephant in the room. I created the DBIR back in 2008 and have led the excellent team that produces it since then (including the new 2015 edition). In a purely coincidental twist of timing, I joined ThreatConnect mere days before […]
Is Your Threat Intelligence Platform Just a Tool?
“If the only tool you have is a hammer, you tend to see every problem as a nail.” (Abraham Maslow) Throughout the enterprise there are security personnel using a variety of processes and tools to conduct their incident response, network defense, and threat and risk analysis. Generally speaking, either most security teams haven’t centralized their […]