ThreatConnect hosted four customer user groups in 2023, and we are grateful to our customers for providing invaluable insights. These insights will inform our product roadmap and our users’ shared strategies on how to get the most out of ThreatConnect. These events have served as a platform for sharing knowledge, exchanging ideas, and fostering collaborative relationships within our customer community. Thank you to our customer base for your continued support and participation. Your enthusiasm and engagement have contributed to the success of these User Groups.
So, what did we learn from our customers?
There’s a lot of interest in ThreatConnect’s ATT&CK Visualizer’s new capabilities and how organizations are leveraging it
One of the most popular and most frequently asked-about topics of discussion was our ATT&CK Visualizer and its newest capabilities.
Introducing ThreatConnect ATT&CK Visualizer, our innovative platform capability that brings the MITRE ATT&CK matrix to life. It visually describes a threat’s tactics, techniques, and sub-techniques, providing invaluable insights into threat groups employing similar methods. The ATT&CK knowledge base itself is developed by MITRE, is globally accessible, and is built upon real-world observations, empowering you with a comprehensive understanding of adversary tactics and techniques.
Some of ThreatConnect’s upcoming ATT&CK Visualizer features include:
- Heat maps that help visualize popular techniques used by multiple threat groups, enabling users to spot patterns and common threats
- Being able to easily identify security gaps and analyze strengths and weaknesses in TTP coverage
Our future plan includes enhancing this capability to identify security gaps by overlapping with Detection coverage and a new feature that lets users import ATT&CK Navigator JSON into the platform. We’re continuously evolving our product and aim to overlay security coverage from various vendors, enabling swift identification, comprehensive testing, and efficient mitigation of security gaps. This evolution of the ThreatConnect platform promises a more robust and insightful threat intelligence tool for all parts of your security team.
Check out this blog to learn about the Top 5 Use Cases for ATT&CK Visualizer
To see it in action for yourself, check out this interactive demo!
Priority Intelligence Requirements (PIRs) are crucial to efficient security operations, and there’s interest in how ThreatConnect PIRs can be used to manage threats effectively
Intelligence requirements have become crucial to cyber threat research and analysis. These requirements consist of specific topics or research questions that revolve around an organization’s top cybersecurity concerns. They serve as a guide for the Security or Threat Intelligence Team, directing their research and analysis efforts and gaining valuable insights into threats, vulnerabilities, and cybercriminal tactics.
ThreatConnect is currently working on an Intelligence Requirements capability that will allow users to create new or add existing intelligence requirements. The system will automatically track intelligence related to these requirements across both your instance and the global ThreatConnect dataset. We’ve also introduced Threat Query Language (TQL), which helps facilitate an assessment of how well feeds address your team’s requirements.
Some upcoming features to look out for:
- More precision and time efficiency in the analysis process. Users will be able to see exactly what in a result matches a requirement, reducing the time spent on verifying matches and allowing more time for in-depth analysis.
- Stakeholder participation will be enhanced, as requirements can be assigned to individuals or groups, and stakeholders can be added as “Watchers”, thus enabling them to stay updated on requirements of interest.
- The identification and tracking of industry information will be improved, and the concept of nested requirements will also be introduced.
Our future plan aims to streamline defining preliminary team PIRs (Priority Intelligence Requirements) through a user-friendly workflow and provide suggested PIRs based on existing intelligence and SOC insights. This demonstrates ThreatConnect’s commitment to creating an interactive and dynamic threat intelligence platform to help manage threats effectively.
To learn more about Intelligence Requirements and how to create them, read this helpful blog
Reporting is vital to every part of the security operations process. There’s a lot of interest in learning how other customers are using Reporting in the ThreatConnect Platform
Effective and efficient collaboration and dissemination of threat intelligence among CTI analysts and their teams is crucial in today’s landscape. By leveraging the reporting capabilities within the ThreatConnect Platform, analysts can effortlessly share the most important information with key stakeholders. This saves valuable analyst time and facilitates expedited decision-making through timely, data-driven insights.
Our most recent release caters to the widely requested customizable intelligence reports. Users are now able to generate reports quickly and easily distribute them to stakeholders. We are also working on the introduction of templates and a Reporting API. These developments will streamline the reporting process, allow for customized report structures, and facilitate integration with other tools and applications.
Our future plans include adding AI-powered summaries, which will provide concise yet comprehensive overviews of complex threat data. For better management and to measure the effectiveness of intelligence reports, mechanisms for report scheduling, feedback, and ROI reporting are being considered.
To learn how the Reporting capability is a game-changer for your security team, read more about it here
To see this in action, check out our Interactive demo
Our user group sessions are not just about learning and sharing information – they’re a way for our customers to meet one another and build connections. These gatherings offer networking opportunities, the ability to share challenges and solutions, and a fresh perspective. The User Group events also provide a platform to voice your needs and feedback directly to those who shape ThreatConnect’s offerings. By attending, you’re investing in both your organization’s growth and actively contributing to the evolution of ThreatConnect’s solutions.
We are very excited about the opportunity to host you and remain dedicated to delivering more enriching experiences for our customers. Stay tuned for updates on our upcoming events, and join us in experiencing the power of collaboration and innovation firsthand! Contact us to learn more about any of ThreatConnect’s newest features.
Upcoming: NYC User Group October 2023:
We have an upcoming in-person customer user group in New York on October 19, 2023. This will be our last in-person user group for the year! This event provides the opportunity for you to discover new use cases, learn tips and tricks from other customers, and meet ThreatConnect experts so we can hear your thoughts on our platform.
If you are interested in attending our user group in NYC or would like to request a User Group in your area, please email email@example.com.
*User Group Sessions are for current ThreatConnect customers only