
Large Hospital and Healthcare System – Phishing Automation and Bulk Importing and Enrichment of Indicators

Industry

Healthcare

Company Type

Hospital System

Company Size

50 Hospitals across 7 states

Challenge

This large, multi-state health system’s major challenges were automating Threat Intelligence collection, enriching IOCs, creating workflow templates, and improving Case Management. The main use cases were phishing automation, bulk importing and enrichment of indicators (using VirusTotal), and specific scoring criteria based on VirusTotal results.

Solution

ThreatConnect’s intelligence-powered security operations capabilities made it possible for the security team to create repeatable playbooks, automated processes and structured workflows that enabled SecOps teams to reduce the number of manual steps they must perform during their day-to-day responsibilities. There were nearly a dozen tool integrations involved in this ThreatConnect solution.

Outcome

By deploying ThreatConnect, the client was able to:

  • Automate Phishing Attack Response:
    • Using Playbooks (ThreatConnect’s Orchestration and Automation Capability), the security team automated Phishing Analysis, Triage, and Response, reducing the time it took from more than 3 hours to just minutes.
  • Automate Threat Intelligence Collection: 
    • ThreatConnect’s Threat Intelligence Platform (TIP) functionality enabled the security team to automate the collection from their various intel sources, both internal and external.
  • Conduct IOC Enrichment: 
    • A Playbook was built that allowed the security team to eliminate the painful, time-consuming process of trying to understand what thousands of IOCs meant to their enterprise.
  • Improve Case Management: 
    • By enabling Workflow, the security team was able to create templates and standardize their course of action for Phishing Triage and Response.

Read Next:

Financial Services

Establishing a Strong Partnership to Ensure Continued Success

Challenge

This was the first time this organization was deploying a security operations platform, and it needed a trusted partner to help mature its program and its usage of ThreatConnect along with it.

Solution

ThreatConnect provided a Customer Success Engineer to assist with implementation, delivered custom training tailored to the customer, and set up multiple avenues for continued communication.

Aerospace & Defense

Global Aerospace and Defense Company – Consolidating Threat Intelligence & Automating Processes With Playbooks

Challenge

This Aerospace & Defense organization collaborates with various business units, each with their own unique use cases for threat intelligence SOPs. From specific tags to intelligence ingest and tailored remediation criteria, they handle it all.

Previously, manual processes and scarce resources posed challenges. Open source platforms and Excel were used to consolidate and organize threat intelligence. Characterization consumed the organization's time daily.

Solution

ThreatConnect revolutionized security operations for this organization by hosting sessions with business units and developing automated Playbooks. They streamlined manual processes, saving time and money. With efficient documentation and valuable metrics, they proved the ROI and value of ThreatConnect.

Healthcare

National Medical Insurance Provider Quantifies Risk

Challenge

This healthcare organization faced challenges in measuring and quantifying cyber risk, financial impact assessment, and subjective project prioritization. This project aimed to provide an aggregate view of the top financial cyber risks for the CISO to prioritize resources and engage in meaningful discussions with the Board. Additionally, the CISO aimed to provide each member company with a snapshot of their greatest financial risks.

Solution

ThreatConnect Risk Quantifier (RQ) empowered the client to objectively assess risk portfolios across member companies, allocating resources efficiently. RQ's automated approach to cyber risk quantification enables rapid implementation and makes CRQ a reality for small teams.