Skip to main content
ThreatConnect Acquires Polarity to Transform How Security Uses Intelligence
Press Release
Request a Demo

Why Polarity & ThreatConnect?

We announced today that ThreatConnect has acquired Polarity (you can read the press release here). Polarity’s solution augments security analysts’ daily workflow with context and insight needed for decision and action in their course of analysis regardless of the application they are in. We’re excited to have the Polarity team join the ThreatConnect family and have some awesome plans for the combination of our Threat Intel Operations Platform together with Polarity.

Aligned Vision and Practical Execution

ThreatConnect’s vision statement is to “Change the way security works by turning intelligence and insights into action.” Adding Polarity immediately helps us further this vision. Their technology helps security analysts speed decision-making by putting context from both external threat intelligence and internal insights from asset, identity, and security controls on security analyst’s screens exactly when they need it in the course of their work. Make no mistake though, this combination goes well beyond vision – there is already tremendous validation from more than a dozen shared customers that this is a powerful combination that enables them to do their jobs better.  The common sentiment they’ve shared is that someone would have to “pry Polarity out of their hands” before they’d give it up. Additionally, we’ve worked with and known the founders and leaders of Polarity for years, and we’re aligned with speeding decision-making for security teams to turn the asymmetric advantage back to the defenders.  

What is Polarity?

Perhaps I’ve gotten ahead of myself, it may be you’re not familiar with Polarity. Let’s address that. Polarity is a federated search tool and much more that can search hundreds (yes, hundreds) of sources simultaneously to provide SOC, CTI, IR, Hunt, and other analysts enriched data immediately to help guide analysis and decision. The special sauce is that the analyst isn’t required to go to “yet another tab” or type in a query in another console; the Polarity client reads what’s on the screen, parses out IOCs, known text strings, etc, or, most popularly, runs queries on whatever is grabbed in a selective screen capture. It bypasses the need for a “single pane of glass” by providing context wherever the analyst needs to be working. Because it can query what’s on the screen, independent of (but not agnostic to) all applications the user needs to query from, it removes the need for context switching between applications, toggling between browser tabs, etc. It doesn’t just populate search results but integrates with ThreatConnect TI Ops, SOAR tools, ticketing systems, or other automation tools to take action on information or initiate a deeper investigation immediately. It can also work with the latest commercial and open-source GenAI LLMs to summarize and synthesize results further speed decision-making. 

Immediate Value to Our Customers – like Right Now

By coming together, we’re removing the biggest barrier to truly operationalizing threat intelligence – the interaction between CTI teams (TI Producers) and the operational defenders and controls in the SOC, incident response, and threat-hunting teams (Consumers of TI). Traditionally, information flow has been limited by lack of interconnected systems, culture, and process. But now, with the ThreatConnect TI Ops Platform and Polarity, customers will have threat intelligence alongside all role-relevant context and enrichment available directly on their desktop and integrated with their operational tools and controls.  In addition, for CTI teams, Polarity will enhance their analysis and investigations with additional context and enrichment from all available data sources from a single interface.

In short, CTI analysts will be more productive and more effective in their investigations.  SOC, IR, and hunt teams will have all the data they need, at the time of decision, overlaid on whatever interface they are doing their work.  This will nearly eliminate “last mile” friction in getting the intelligence to the right consumer at the right time. 

In addition to being offered as a bundle with ThreatConnect’s TI Ops Platform, Polarity will continue to be sold independently. We’ll be excited to offer Polarity customers an increasing array of AI-based insights, like extracted insights on MITRE ATT&CK techniques mentioned in text, bespoke threat intelligence enrichment, feed performance and value, and trending metrics on IOCs from CAL, our AI-powered analytics brain/engine. 

Looking Ahead

We will strengthen our integration with Polarity and our Threat Intelligence Operations Platform as we build out our AI capabilities, streamlining workflows and investigations, and automating every step of analyst workflows. 

Let’s not leave out ThreatConnect Risk Quantifier, aka RQ, our cyber risk quantification product that is increasing its operationally relevant insights, informing the risk pertinent to assets, helping prioritize vulnerabilities to remediate, and the MITRE ATT&CK techniques to focus on. Users of Polarity and RQ together will soon be able to surface insights on the risk to apps and assets related to their alerts, investigations, and threat capabilities. Together with threat intelligence from our TI OPs Platform, RQ, and Polarity will be able to surface internal asset information, business risk and impact associated with them, and threat insights trying to affect them from one overlay. 

Polarity’s capabilities also will position us for our longer-term aspirations to inform decisions for traditional security teams as threats represented by cyber adversaries and criminals increasingly begin to have impacts in physical space. 

Want to learn more?

Reach out to us at or to learn more about how the combination of ThreatConnect and Polarity is the force-multiplier your CTI and Security Operations teams need right now.


About the Author

Andy Pendergast

Andy is a community respected analyst, innovator, and thought leader. He has over 15 years of experience working in the Intelligence and Computer Network Defense Communities from within the U.S. DoD and Fortune 500 companies. He brings his passion for intelligence-led defense to his role as Product Director for ThreatConnect. Andy is a co-founder of ThreatConnect, Inc. and is a co-author of “The Diamond Model for Intrusion Analysis“. Andy is a veteran of the U.S. Army, holds a Diploma in Chinese Mandarin and a Bachelor of Science from Excelsior University. He lives in Columbia, MD where he regularly climbs rocks and enjoys getting Thai Dynamite Chicken with his wife and three children.