ThreatConnect Platform: Security insight for sound decision-making

In this interview, Jason Spies, VP of Engineering & Chief Architect, ThreatConnect, talks about the powerful features of the ThreatConnect Platform.

ThreatConnect Platform

Oftentimes, the ability for a product to support growth (scale effectively) is forgotten in lieu of a customer being dazzled by individual features or capabilities. Can you talk about the importance of technical considerations when it comes to a Platform scaling to support multiple teams and growing demands overtime?

Bottom line, it’s a balance of trying to get a product out the door, while making sure it will scale or grow enough to meet the demand customers may have in the future. Look, we all can’t be Facebook. If we try to build a product to that scale from the beginning, you’ll miss your window of opportunity to build a feature the user will actually benefit from. Scale should be a consideration, but not the only factor.

When thinking about scalability, you need to know your user-base, data size, and the expectations for how it will be used, among other things. Over-engineering for scale could potentially lead to schedule delays for getting a product shipped.

On the other hand, if you don’t consider it, you may quickly realize that a feature cannot be used as expected by a customer at production scale. Other things we try to consider are business logic (as in data processing, analytics, etc), concurrency (as in users logged in, Playbooks running at the same time, integrations pulling data at the same time, etc), and availability (Platform needs to keep from suffering a loss of service).

Where design is concerned, think horizontal scalability: multiple servers vs. bigger servers. You can always buy more machines, but the machines themselves only have so much speed and power. Lastly, when possible, consider queueing and asynchronous processing – meaning, try to line up work for when resources are available and prioritizing workload.

Large organizations tend to run complex security architectures. What’s the process when it comes to integrating the ThreatConnect Platform into a customers’ existing ecosystem?

The analyst firm Forrester recently published a study entitled, ​Total Economic Impact of the ThreatConnect Platform report​ e​ssentially stating that by bringing everything into one platform – ThreatConnect – companies can realize that they have redundant security subscriptions and actually be incurring unnecessary costs.

With ThreatConnect’s multi-environment orchestration, Playbooks, orchestration and automation, and apps it is easy to integrate tools and products, providing a unified view into the security stack. And once ThreatConnect is deployed, it is easy to onboard new tools. Companies that use ThreatConnect Playbooks have actually seen a 50% reduction in analyst burden in the first year.

ThreatConnect Platform

So, taking the above question one step further, integrating with other technology solutions is critical. What’s the process look like? How does your Platform power that?

We rely on and provide (open) APIs or SDKs. We have documented APIs and SDKs that enable customers to build integrations on their own, both internal to the platform and external in their own IDEs. With Playbooks, users can build integrations visually and chain integrations together to orchestrate a process.

As you just mentioned, solutions like ThreatConnect require the building of Playbooks in order to orchestrate processes. What does this look like for a user? Does it require a user to have coding expertise?

The great thing about ThreatConnect Playbooks is that they can be built using a visual drag and drop interface to link integrations together into a logical process. To help organizations get started with Playbooks, we include many templates for common scenarios. For any of ThreatConnect’s out-of-the-box supported integrations, no code is needed to build Playbooks; and it is the same for many integrations that can be built directly with Playbooks visually.

Playbooks can also be built in Python or Java. Lastly, in the Platform, we have an App Builder built into the Platform that combines coding, building, and debugging within the UI to make it easier to build applications if coding is actually required or kinda your thing.

ThreatConnect Platform

With all these features and capabilities, user experience must be extremely important. What are some of the things you take into account when it comes to the UX and overall design of your Platform? What do you do to ensure complex technology is overlaid with user friendly controls?

We try to implement a consistent UX following Material design principles. We continuously monitor and measure the adoption and use of our features to evaluate the UX. Also, we segment our UX and features based on role. This way, the UX keeps from being overwhelmed by feature overload. We provide a consistent visual hierarchy and ensure users have a customized views and insight into data. And with sharing of customizable dashboards, we provide streamlined views into multiple complex data sets. Our visual graphing of associations also provides a clear picture into data relationships.

We also provide templates and automated functionality to transfer content, as well as advanced searching tools. Users have control over where they are in the Platform and what they’re doing, and ensure user confirmation to prevent unintended action errors – all to improve their efficiency.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss