What’s in a Platform?

The following post will examine the need for organizations to use a Platform to meet the organization’s ever changing security requirements.  Unfortunately, the term Platform is an overused term, so we will look at what makes a true platform – what some call a Level 3 Platform. Then, we’ll examine how a true threat intelligence platform let’s analysts innovate while spending more time on analysis, raise the water of threat intelligence for partners and better serve the needs of directors and the c-suite. 
Screen Shot 2015-08-27 at 1.51.23 PMIn many companies security organizations seem to be in disarray when compared to other business organizations.  Given the increased risk of network intrusions, it is clear that big changes are needed within the security program – not just incremental improvements.  Despite the desire to do something quickly, you shouldn’t just go out and buy “ThreatButt and call it a day. There is a need to rethink the way that security is done across the business, and not buy any more tools.  It is this reaction to every problem that has gotten us into the complicated maze of people, products, and process we are in today.  

Alex Stamos, Chief Security Officer (CSO) at Facebook, wrote a great blog post on “The failure of the security industry” where he recommends that you should build platforms to sufficiently “fend off [threats].” He explained, “The security industry needs to build reusable platforms with pluggable use cases.”


Unfortunately, the term “Platform” has become the new “Big Data.” That is to say, it is overused in marketing.  Everyone is saying it, but there is no consensus on what it means.

Platform Defined

A Platform is a system that can be programmed by outside developers — in particular users of the platform.  If users can program it, then it’s a platform.  If you can’t program it, then it’s not a platform.  

TC-Icons-Platform-Dark (1)

Why a Platform Should Be Programmable

Why make the platform programmable in the first place?  The answer is less technical and more about strategy.  Platforms, like android devices, iDevices, and computers are made powerful because anyone can extend their features, functionality and overall value with applications.  Organizations can choose from existing applications to solve their current problems or, if not already available, can build their own applications more quickly.  

The Value of a True Platform versus a “Platform”

A true platform’s power lies in co-creation of value; the creativity of the community. In fact, this is another way you can tell the difference between a “platform” and a platform. If the “platform” owner creates all the value, it’s a product. If 3rd parties create most of the value, it’s a platform.

The Levels of a Platform

There are three different sophistication levels of a platform:

  • Level 1 – The API – It is programmable, to a point, so I’m giving it credit for being a platform.  This is the least sophisticated type of platform since the application code and interaction lives outside the platform.  Expertise required for API development is high and the developers must take responsibility for any databases, servers, storage, networking bandwidth, and security of all applications they build.  
  • Level 2 – Plugins – Applications developed as a Plugin show up within the GUI of the platform.   However, the application code lives outside of the platform itself, and plugins use APIs for integration.  Similar to Level 1 above, the entire burden of building and running a Level 2 platform-based app is left entirely to the developer.  
  • Level 3 – Integrated – In the Level 3 platform, the third-party application code runs inside the platform within a “runtime environment”.  Generally, a level 3 platform will include Plugins and an API functionality as well.  

Level 3 platforms, although the hardest to build, are very powerful.  The level of technical expertise required to develop applications on your platform is significantly reduced and the cost of additional infrastructure to support custom applications is decreased to $0.  It also creates an open source ecosystem within your platform to let users freely share applications with one another, choose and modify applications, and accelerate solution development through plug-and-play activities.  

With the latest release (V3.3) ThreatConnect has become a level 3 platform. ThreatConnect is serious about the security of the community and our customers. We know we can’t bring about that vision alone. We’re proud of what we’ve developed in ThreatConnect to date, and the innovation will continue. ThreatConnect has already brought the community together to share and analyze knowledge… now with V3.3 we want to enable the community to create tools and applications that can be used to continue to change the game for security professionals.

forward (1)

Start Building Apps and Get A Free License to ThreatConnect

For Analysts by Analysts has always been our motto, and with V3.3 we are taking that to the next level, with an opportunity for analysts and developers to build their own ThreatConnect apps, and if approved for existence within the TC Exchange™ and ThreatConnect Platform, receive a Free Analyst Edition subscription which includes more data, and more functionality of the platform.


We are going to run a “Best App Idea Contest” through October. For example; ReversingLabs, ThreatGrid, VMRay, Lastline, VirusTotal, and Cuckoo, which are all malware analysis integration apps will be available in the TC Exchange™ by the end of the summer.  You send us your best app idea and we will choose the best ones to provide to the ThreatConnect community for a final vote on which is #1.  The owner of the winning app idea wins a free Analyst Edition Subscription and we will build the app and put it into TC Exchange on their behalf.  


Screen Shot 2015-08-24 at 3.41.22 PM

Adam Vincent
About the Author
Adam Vincent

Adam is an information security expert and is the former CEO and co-founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, four children, and dog.