Methodology

How We Identify, Manage,
and Block Threats Faster

We get it. You need to analyze massive volumes of data to see patterns, get context, and find relationships – all to learn more about a threat. That’s where we come in. The ThreatConnect Platform brings together the ThreatConnect data model, advanced data analytics, and collaborative intelligence to provide you with the complete picture about threats.

Leverage the ThreatConnect Data Model

The ThreatConnect Platform was specifically designed to help you understand adversaries and mitigate threats faster using threat intelligence.

  • Data is stored as either indicators (such as hosts or URLs) or groups, which are a collection of related behavior and intelligence (such as adversaries or emails)

  • Supports 8 different group categories and 10 different indicator categories, with the ability to create your own indicator types

  • Groups and indicators can be associated to each other, so you can start to see patterns between the data

Get Insights from
Millions of Data Points

ThreatConnect’s CAL™ (Collective Analytics Layer) provides an anonymous way to learn how many times potential threats were identified across all participating platform instances.

  • Get immediate insight into how widespread or relevant a threat is
  • Discover how many pageviews, observations, and false positive reports each indicator has
  • Find out when indicators were reported in each source

Use Multiple
Analysis Methodologies

Whether you use the Diamond Model of Intrusion Analysis, Lockheed Martin’s Cyber Kill Chain ®, or something entirely different, ThreatConnect will support you.

  • Pivot between indicators and groups to spot patterns
  • Customize indicators, attribute, import rules and more
  • Tag indicators with categories like Kill Chain Stages for easy organization and analysis

Collaborate & Share Intelligence

Collaboration within a trusted community – whether across industries, along your supply chain, or simply within your organization – can be the most effective source of threat intelligence at your disposal. Our versatile Platform scales as your needs change, providing robust access control, data markings, and classifications along with workflows and processes to facilitate collaboration.

  • See what industry peers are saying about threats
  • Create private communities to securely communicate with teammates or stakeholders
  • Always have full control over what you share and who you share it with