Challenge

This Global Fortune 400 Aerospace & Defense organization works with multiple separate business units that each have their own set of unique use cases for threat intelligence standard operating procedures (SOPs). This includes specific tags per business unit, threat intelligence ingest, and multiple remediation steps based on specific criteria.

The team was having a difficult time keeping up with multiple manual processes, which absorbed a large number of scarce resources.

Prior to ThreatConnect, the company was leveraging open source platforms and Excel spreadsheets for consolidating and organizing threat intelligence. Specific characterization was a major daily task for the entire Intel organization.

Solution

ThreatConnect hosted multiple sessions with the Organization’s business units (30+ attendees per session) to capture and work through multiple manual processes. This led to the development of ThreatConnect Playbooks that automated specific tasks that previously would cost the company significant time and money.

With ThreatConnect Playbooks, the organization was able to document security operations processes more efficiently and consistently. Playbooks also provided the security team with metrics on completions, time, and dollars saved to demonstrate return on investment and the value of individual Playbooks.

Outcome

The end result was that one Playbook “saved us over $1,500/day,” according to the Director of the company’s Information Sharing and Analysis Center. This drove adoption of Playbooks across all supported business units, directly enabling more than 60 analysts to do their jobs more efficiently. These Playbook sessions allowed the security teams, for the first time, to show enterprise stakeholders the ROI of security operations.