8 Person Security Team
The threat intel analysts were using disparate, open-source tools to identify, investigate, and enrich indicators of compromise. The security operations analysts were manually completing tasks such as reviewing and validating SIEM alerts as well as collecting and analyzing data.
Along with ThreatConnect Deployment Engineers, a dedicated ThreatConnect Customer Success Engineer (CSE) helped the customer during the deployment and initial setup of the ThreatConnect Platform. The CSE answered questions quickly and made the customer feel comfortable with the process.
ThreatConnect’s Customer Success Team delivered the training to the customer and tailored it so that everyone, including the non-intel team members, could understand it. This ensured that even after the ThreatConnect team left, the customer’s security team felt confident in their ability to use the Platform.
Multiple avenues for communication were set up to give the customer various ways to stay in direct contact with the Customer Success and Support Teams at ThreatConnect. These included dedicated Slack channels, email, phone, and access to a knowledge base and GitHub repository. Regular touchpoints were scheduled to ensure technical progress was being made and strategic goals were understood.
Consistent communication and collaboration throughout the first two months of the project allowed the customer to realize the value and depth of ThreatConnect very quickly. Since then, quarterly business reviews with senior staff members have allowed initial strategic goals to be met, and the team is actively planning for additional goals including expanding the use of the ThreatConnect Platform to the customer’s Incident Response team.
Operationalizing Threat Intelligence
From one platform, you can normalize data from a variety of sources, add additional context, and automate manual threat intelligence-related security processes.