Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

ThreatConnect Introduces Workflow to Increase Efficiency and Accuracy During Analysis, Investigation, and Response

Latest version enables security teams to make faster and more informed decisions by providing a single Platform for threat intelligence analysis, incident response plans, and security processes.

February 20, 2020 – Arlington, VA – ThreatConnect, Inc.®, provider of the industry’s only intelligence-driven security operations platform, is proud to announce the release of ThreatConnect version 6.0. Among other features in this new release, ThreatConnect introduces Workflow, which enables interactive intelligence-powered investigation and case management capabilities for Incident Responders, Security Operations Analysts, and Cyber Threat Intelligence Analysts. ThreatConnect’s Workflow functionality reduces the risk of missing critical steps and relevant artifacts, and decreases the time it takes to uncover relevant intelligence.

ThreatConnect Workflow allows security teams to investigate, track, and collaborate on information related to threats and incidents with automated and manual tasks and standardized, consistent processes — all from a central location. Security team members using the ThreatConnect Platform now have a mechanism that correlates artifacts from an investigation to existing intelligence, as well as historical case data from past incidents and investigations. The Platform allows users to not only enrich cases with both internal and external threat intelligence, but also generate intelligence from those cases to be used to enhance detection, prevention, and to build out a library of relevant threats facing the organization. This leads to a more complete picture and better understanding of an organization’s own internal threats.

Adam Vincent, ThreatConnect CEO, said, “With Workflow, we have realized the vision we had for the core capabilities of our Platform. Nine years ago we set out to build a platform with the necessary capabilities to improve the cyber analysis process. We led with threat intelligence, then developed orchestration and automation through Playbooks, and now, Workflows. With ThreatConnect, security teams have a Platform that is a single source for their intel, response plans, and processes that provides a common reference point enabling collaboration, consistency, and that increases accuracy for threat-based decision making.”

ThreatConnect’s combination of security orchestration, automation, and response (SOAR) plus threat intelligence, provides the ability to enhance human and machine-driven security processes with internal and external intelligence on threat actors, attack techniques using MITRE ATT&CK™, and traditional indicators of compromise. In addition to improving response time with consistent and documented processes, this allows teams to maximize the amount of internally sourced threat intelligence obtained from incident response and operations teams.

In addition to Workflow, other 6.0 features include:

  • Custom User Roles– customers are now able to give access to the Platform to more users based on their specific and unique requirements without jeopardizing data or process integrity.
  • Unlimited Read-Only & Commenter User Licensing – allows customers with designated ThreatConnect licenses to provide unlimited read-only, commenter, and read-only API users to the team to enable more individuals the ability to explore data captured in the ThreatConnect Platform.
  • App Services – Users now have additional ways to loop ThreatConnect into their existing technology stack, including custom Playbook triggers, Webhooks, and custom API’s. Furthermore, they can develop these capabilities directly from App Builder and new Service app integrations will be made available through App Catalog.

ThreatConnect’s 6.0 release will be generally available to all existing and new customers by the end of Q1.

About ThreatConnect:

ThreatConnect, Inc. provides a proactive and efficient approach to security by enabling enhanced detection, shortened response, and reduced risk. Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.ThreatConnect.com.

###