Read insights, thought leadership, and platform updates.
Premera Latest Healthcare Insurance Agency to be Breached
Similarities with Wellpoint/Anthem Event Should be Understood. The recent announcement from Premera Blue Cross Blue Shield that it has fallen victim to a sophisticated cyber attack that reportedly compromised the medical and financial data of 11 million members is the latest in a series of high-profile cyberattacks targeting the medical and healthcare industry. ThreatConnect’s analysis […]
The Anthem Hack: All Roads Lead to China
When news of the Anthem breach was reported on February 4th, 2015, the security industry quite understandably went wild. A breach of this magnitude was certainly unprecedented. Naturally, many industry professionals were keenly interested in digging into this incident to see what could be uncovered, and the research team at ThreatConnect was no exception. Thanks […]
ThreatConnect How To: Pivoting & Exporting Data
Introduction: The Diamond Model of Intrusion Analysis is the analytic methodology upon which ThreatConnect is built. Developed by a number of preeminent security researchers and analysts (including our own Andy Pendergast), the Diamond Model exists both as a cognitive model to organize extensive sets of interrelated logic and as a series of mathematical techniques […]
ThreatConnect Community Success Story: The Rubber Meets the Road
Communities, sharing, and collaboration have hit the hype curve in cyber security circles. While the marketplace includes products that offer information exchange or are bolting on support for collaboration, sharing communities were one of the first realities of our vision since product inception and rolled out with ThreatConnect 1.0. Don’t be mistaken, sharing capabilities by themselves […]
ThreatConnect How To: Importing Indicators
There are many advantages to having a centralized Threat Intelligence Platform (TIP) to aggregate, analyze and act on your own threat intelligence. Among them is empowering the threat analyst to interact with new threat data as it is aggregated by providing a direct interface to speed up their workflow. This makes collaboration easier and essential […]
ThreatConnect Communities: A Swiss Army Knife in Your Collaboration Arsenal
ThreatConnect Communities have become the indispensable Swiss army knife in the analyst collaboration arsenal this past year. While our community blueprint has always included a “Common Community” for open sourced shares, a “Subscriber Community” for proprietary, advanced shares developed by our ThreatConnect Research Team, and a garden variety of vetted, Industry Moderated Communities, it has […]
Operation Poisoned Helmand
In this day and age of interconnected cloud services and distributed content delivery networks (CDNs), it is important for both CDN service providers and security professionals alike to recognize and understand the risks that these systems can introduce within a modern enterprise. For organizations within both public and private sectors that leverage CDN platforms to […]
ThreatConnect Announces Investment from Grotech Ventures
Today, I’m proud to share that ThreatConnect has announced a $4 Million Series A investment led by Grotech Ventures and other strategic partners. You can read more about the specifics here. Grotech Ventures is one of the premier East Coast venture capital firms and we are excited to have them on board as our partners […]
Debugging the Pakistan Cyber Army: From Pakbugs to Bitterbugs
For over a year, the ThreatConnect Research Team has been tracking Pakistan-based cyber espionage activity associated with a custom malware implant recently dubbed “BITTERBUG.” In August of 2013, we reported our initial findings and analysis of the malware. In 2014, we teamed with FireEye to publish a comprehensive overview of the activity within Operation Arachnophobia. As we continue to delve […]
Operation Arachnophobia: The Spy-der Who Loved Me
The story of Operation Arachnophobia is not unlike a good spy novel; the characters aren’t who they appear to be, motives must always be questioned and the twists in the plot keep you guessing until the end. Our story begins in early August 2013 with the research blog “Where There is Smoke, There is Fire: South […]
Getting Back to the Basics of Actionable Threat Intelligence
I remember it like it was yesterday, the first few hours of basic training. I stood there cooking in the South Carolina humidity with a very loud and short man, named Drill Sergeant Doll screaming a few inches from my ear, “You need to shoot, move and communicate!” At the time, I had absolutely no […]
Getting the Most out of Crowdsourcing Threat Intelligence
Earlier this week, we saw an article by Robert Ackerman Jr. on Dark Reading about crowdsourced threat intelligence and cyber security. Of course we were excited to see more discussion on threat intelligence and the value of collaboration. Robert states that challenges remain, and while we agree that some organizations have not yet found the […]