ThreatConnect’s combination of security orchestration, automation, and response (SOAR) plus threat intelligence provides the ability to enhance human and machine-driven security processes with internal and external intelligence on threat actors, attack techniques using MITRE ATT&CK™, and traditional indicators of compromise.
Security team members using the ThreatConnect Platform now have a mechanism that correlates artifacts from an investigation to existing intelligence, as well as historical case data from past incidents and investigations. The Platform allows users not only to enrich cases with both internal and external threat intelligence, but also to generate intelligence from those cases, which can be used to enhance detection and prevention and to build out a library of relevant threats facing the organization. This leads to a more complete picture and better understanding of an organization’s own internal threats.