With ThreatConnect’s two newest Analytic Features, Users Gain Immediate Insight into Threats to Their Network
January 31, 2017 – Arlington, VA – ThreatConnect®, provider of the industry’s only intelligence-driven defense platform, announces two new features designed to help organizations make faster decisions based on the threat intelligence: ThreatAssess, analytics across their own data, and ThreatConnect’s CAL™ (Collective Analytics Layer), generated from insights across its complete network. With these features, threat intelligence is more easily quantifiable for rapid decision-making.
ThreatConnect CEO Adam Vincent said, “ThreatConnect’s CAL is the result of analyzing anonymized global data across the ThreatConnect community of users. That’s a vast anonymized community. Any user organization can compare its metrics and telemetry with others for a fuller picture of the potential risk. And with ThreatAssess, organizations now get an at-a-glance score of an indicator’s evilness based on just their own data, helping to answer the question: ‘”Is this an indicator I should be looking at more closely?’
Both ThreatAssess and CAL were developed to leverage ThreatConnect’s powerful platform analytics. They were created to provide analysts with confidence to gather enough data to make a decision, yet not spend too much time chasing false positives or irrelevant information. ThreatAssess provides a basic risk assessment of an indicator. ThreatAssess distills multiple factors down to a single, actionable score based on an indicator’s average threat and confidence rating across all sources, false positive votes, and recent activity from your sensors. ThreatAssess also reports on why an indicator earned its particular score, providing valuable context. With ThreatAssess, an organization can prioritize its responses by assigning risk levels to observed indicators.
ThreatConnect’s CAL provides anonymized, crowdsourced intelligence: leveraging the collective insight of the more than 10,000 analysts worldwide who use ThreatConnect to provide global context regarding an organization’s indicators and threats. By distilling millions of data points, this innovative feature offers immediate insight into how widespread and relevant the threat is in a way that has never before been available.
With CAL, ThreatConnect shows you whether indicators are:
- Accurate: How many false positive reports an indicator has received from all ThreatConnect instances
- Pervasive: How many times an indicator has been observed in ThreatConnect users’ networks
- Timely: How recently an indicator was reported by a source
- Notable: How many page views an indicator has in the ThreatConnect Platform
- Dated: The first time an indicator was reported by a source
- Common: List of sources an indicator appears in
- Validated: Validation that an indicator is not malicious based on aggregated public whitelists
Vincent continued, “Unlike some of our competitors who offer similar scores, we actually provide our users with details on what went into the score, which helps them make more informed decisions.”
With the ThreatConnect Platform analysts and CISOs alike are provided with with meaningful, relevant information in order to make fast, data-driven decisions about how to react to a threat.
ThreatConnect® arms organizations with a powerful defense against cyber threats and the confidence to make strategic business decisions. Built on the industry’s only intelligence-driven, extensible security platform, ThreatConnect provides a suite of products designed to meet the threat intelligence aggregation, analysis and automation needs of security teams at any maturity level. More than 1,600 companies and agencies worldwide deploy the ThreatConnect platform to fully integrate their security technologies, teams, and processes with actionable threat intelligence resulting in reduced detection to response time and enhanced asset protection.