Read insights, thought leadership, and platform updates.

Arguably one of the most controversial subjects in Threat Intelligence currently is the topic of Attribution, or developing Adversary Intelligence. Industry pundits will debate attribution with a religious zeal, bashing each other with talking points for and against the position.  Unfortunately, many newcomers to the debate, as well as experienced practitioners and consumers, are often caught […]

The Cost of Bad (and Value of Good) Threat Intelligence Written by Andy Pendergast, co-author of the Diamond Model for Intrusion Analysis Earlier this week, Sergio Caltagirone. published an article on his blog, highlighting the cost of bad threat intelligence. His points were valid. There is a very real risk in terms of lost time, […]

I am excited to see threat intelligence sharing is catching on as a way to empower cyber security defenders with timely, relevant, and actionable threat intelligence data.  I believe, and I actually always have, in “crowd power”.  Our Intelligence Research Team, contributes daily to our ThreatConnect Communities.  The team takes great pride in sharing with […]

Like many of my infosec brethren and sistren (yep; apparently it’s a word), I leave some sad kids behind every year as I make the annual pilgrimage to the RSA 2015 Conference. This year, my 8 year old put me on the spot as I headed out the door by asking “what’s the RSA Conference […]

Before we get started on Verizon’s 2015 Data Breach Investigations Report (DBIR), let’s address the elephant in the room. I created the DBIR back in 2008 and have led the excellent team that produces it since then (including the new 2015 edition). In a purely coincidental twist of timing, I joined ThreatConnect mere days before […]

“If the only tool you have is a hammer, you tend to see every problem as a nail.” Abraham Maslow Throughout the enterprise there are security personnel using a variety of processes and tools to conduct their incident response, network defense, and threat and risk analysis. Generally speaking, either most security teams haven’t centralized their […]

Similarities with Wellpoint/Anthem Event Should be Understood The recent announcement from Premera Blue Cross Blue Shield that it has fallen victim to a sophisticated cyber attack that reportedly compromised the medical and financial data of 11 million members is the latest in a series of high-profile cyberattacks targeting the medical and healthcare industry. ThreatConnect’s analysis […]

When news of the Anthem breach was reported on February 4th, 2015, the security industry quite understandably went wild. A breach of this magnitude was certainly unprecedented.  Naturally, many industry professionals were keenly interested in digging into this incident to see what could be uncovered, and the research team at ThreatConnect was no exception.  Thanks […]

Introduction The Diamond Model of Intrusion Analysis is the analytic methodology upon which ThreatConnect is built.  Developed by a number of preeminent security researchers and analysts (including our own Andy Pendergast), the Diamond Model exists both as a cognitive model to organize extensive sets of interrelated logic, as well as a series of mathematical techniques […]

Communities, sharing, and collaboration have hit the hype curve in cyber security circles.  While the marketplace includes products that offer information exchange or are bolting on support for collaboration; sharing communities were one of the first realities of our vision since product inception and rolled out with ThreatConnect 1.0. Don’t be mistaken, sharing capabilities by themselves […]

There are many advantages to having a centralized Threat Intelligence Platform (TIP) to aggregate, analyze and act on your own threat intelligence. Among them, is empowering the threat analyst to interact with new threat data as it is aggregated by providing a direct interface to speed up their workflow. This makes collaboration easier and essential […]

ThreatConnect Communities have become the indispensable Swiss army knife in the analyst collaboration arsenal this past year.  While our community blueprint has always included – a “Common Community” for open sourced shares, a “Subscriber Community” for proprietary, advanced shares developed by our ThreatConnect Research Team, and garden variety of vetted, Industry Moderated Communities; it has […]