Challenge

This large technology client was looking for a centralized repository of contextualized threat intelligence, from which humans and machines could get a unified view to derive associations, prioritize, and collaborate on observations. The solution needed to be able to collect, normalize, and disseminate data to the security team and their tools. The company also needed a way to manage and analyze the collected threat data, characterizing and prioritizing it into actionable threat intelligence that could be disseminated to threat hunting, incident response, or security defense tools.

Solution

ThreatConnect automates the aggregation of internal and external threat intelligence in one place, freeing the team from the mundane task of data collection so they can focus on analysis and response. Upon aggregation, ThreatConnect’s in-platform analytics provided the client with context and relevance about that threat intelligence to drive action. This action can be performed automatically or manually. ThreatConnect enabled the company to integrate with any security tool or product and customize those integrations and workflows to optimize the SOC teams’ processes. The result was that ThreatConnect became the company’s system of record for threat intelligence processes, operations, and collaboration.

Outcome

ThreatConnect custom dashboards enabled the company to gain insight and situational awareness into their threat intelligence and operations. ThreatConnect also provided the company the ability to easily visualize global trends and data that show the impact of its security efforts and gain a better understanding of the threats the organization faces. The company can now automatically monitor their security operations and intelligence in a way that is actionable and meaningful for their team. They can view, edit, create and share custom dashboards to track metrics that will inform critical decision-making for their security operations.