ThreatConnect released ThreatConnect 6.3, which improves the threat intelligence process in two ways. Six new threat intelligence Group types give cyber threat intelligence analysts and ThreatConnect's partner integrations a clearer, more intuitive way to map their data. Workflow Metrics help Security Operations Center (SOC) directors judge whether the tools, processes, and automations in place are actually helping the organization identify and remediate threats faster.
ThreatConnect continues to change the way security works. The only company with Cyber Risk Quantification (CRQ), TIP, and SOAR capabilities combined, ThreatConnect unifies the actions of the security team around the most critical risks, supports their response with streamlined and automated workflows, and strengthens the entire security ecosystem through powerful technology integrations.
“Our quarterly release of ThreatConnect 6.3 for our TIP, SOAR, and Intel Driven Operations (IDO) customers drives home our dedication to threat intelligence teams, security operations teams, and facilitating the workflow between the two teams to enable more accurate, efficient, and faster decision making to protect the business,” says Andy Pendergast, EVP of Product and Co-Founder. “We’re excited to help our customers map intel more accurately and robustly in both the ThreatConnect TIP and SOAR, allow flexible ways to capture investigative data in cases through attributes, and track case metrics powerfully and intuitively in ThreatConnect SOAR and IDO products.”
ThreatConnect 6.3 introduces the following new key capabilities:
- New Group Objects
- Workflow Metrics
- Workflow Attributes
New Group Objects
The six new Group types function like existing Groups in ThreatConnect and allow users to map their data in a clearer, more intuitive way. The new Group Objects include:
- Attack pattern
- Course of action
Ultimately, this helps ensure that the threat library you build with ThreatConnect is approachable, organized, and equipped to help your security teams when they need it most.
Other benefits include:
- Better alignment with STIX objects: Attack Pattern and Course of Action correspond directly to the STIX 2 attack-pattern and course-of-action object types
- Improved threat intel processes, since analysts can file a threat under the Group type that actually fits instead of forcing it into an existing one
- Better MITRE ATT&CK support, since ATT&CK techniques and mitigations are themselves distributed as STIX attack-pattern and course-of-action objects
Workflow Metrics
Gaining insight into the SOC team's performance is critical for security leaders, who typically run large teams dealing with a high volume of cases and escalations.
You can now easily create dashboard cards for three key performance indicators (KPIs):
- Mean time to detect (MTTD): the average time between when a threat or incident first occurred and when it was discovered.
- Mean time to respond (MTTR): the average time between detection and the threat being contained and remediated.
- False positive ratio: the share of investigated alerts that turned out not to be genuine threats.
These metrics help you identify whether the tools, processes, and automations in place are helping the organization identify and remediate threats faster. Because MTTD and MTTR are averages, a handful of long-running cases can skew them, so track them over time and alongside the median rather than reading a single value in isolation.
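As an added illustration of how these three KPIs are derived (this is example code written for this page, not ThreatConnect's implementation, and the case record fields `event_time`, `detected_time`, `resolved_time` and `false_positive` are an assumed schema, not ThreatConnect's case model), the script below computes MTTD, MTTR and the false positive ratio over a constructed set of case records. It also reports the median next to each mean, and excludes still-open cases from MTTR and from the false positive ratio, since an open case has not yet been adjudicated.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample case records for this example. Field names are an
# assumption for illustration only and are not ThreatConnect's case schema.
# Timestamps are ISO 8601 in UTC; None means the field is not yet populated.
SAMPLE_CASES = [
    {"id": 1, "event_time": "2024-03-01T00:00:00Z", "detected_time": "2024-03-01T02:00:00Z",
     "resolved_time": "2024-03-01T08:00:00Z", "false_positive": False},
    {"id": 2, "event_time": "2024-03-02T00:00:00Z", "detected_time": "2024-03-02T01:00:00Z",
     "resolved_time": "2024-03-02T04:00:00Z", "false_positive": False},
    # Outlier: two days to detect, one day to remediate. It dominates the mean.
    {"id": 3, "event_time": "2024-03-03T00:00:00Z", "detected_time": "2024-03-05T00:00:00Z",
     "resolved_time": "2024-03-06T00:00:00Z", "false_positive": False},
    # False positive: there was no real event, so it has no event_time.
    {"id": 4, "event_time": None, "detected_time": "2024-03-04T00:00:00Z",
     "resolved_time": "2024-03-04T01:00:00Z", "false_positive": True},
    # Still open: counts toward MTTD but not MTTR or the false positive ratio.
    {"id": 5, "event_time": "2024-03-05T00:00:00Z", "detected_time": "2024-03-05T03:00:00Z",
     "resolved_time": None, "false_positive": False},
]


def _parse(ts):
    """Parse an ISO 8601 UTC timestamp; None stays None."""
    if ts is None:
        return None
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _hours(start, end):
    return (end - start).total_seconds() / 3600


def detection_times(cases):
    """Hours from event to detection, for true-positive cases with both timestamps."""
    out = []
    for c in cases:
        if c["false_positive"]:
            continue
        event, detected = _parse(c["event_time"]), _parse(c["detected_time"])
        if event is None or detected is None:
            continue
        out.append(_hours(event, detected))
    return out


def response_times(cases):
    """Hours from detection to resolution, for closed true-positive cases only."""
    out = []
    for c in cases:
        if c["false_positive"]:
            continue
        detected, resolved = _parse(c["detected_time"]), _parse(c["resolved_time"])
        if detected is None or resolved is None:
            continue  # open case: no response time yet
        out.append(_hours(detected, resolved))
    return out


def false_positive_ratio(cases):
    """Fraction of closed cases adjudicated as false positives (None if nothing is closed)."""
    closed = [c for c in cases if c["resolved_time"] is not None]
    if not closed:
        return None
    return sum(1 for c in closed if c["false_positive"]) / len(closed)


def kpi_summary(cases):
    """Means as the dashboard KPIs, with medians alongside to expose outlier skew."""
    ttd, ttr = detection_times(cases), response_times(cases)
    return {
        "mttd_hours": mean(ttd) if ttd else None,
        "median_ttd_hours": median(ttd) if ttd else None,
        "mttr_hours": mean(ttr) if ttr else None,
        "median_ttr_hours": median(ttr) if ttr else None,
        "false_positive_ratio": false_positive_ratio(cases),
        "open_cases": sum(1 for c in cases if c["resolved_time"] is None),
    }


if __name__ == "__main__":
    for key, value in kpi_summary(SAMPLE_CASES).items():
        print(f"{key}: {value}")
```

On the constructed data the single slow case pushes MTTD to 13.5 hours while the median time to detect is 2.5 hours, which is exactly why the summary carries both figures.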
Workflow Attributes
Workflow Attributes give you the ability to create custom data fields, called Attributes, for Cases and Templates via the UI and the API. You can attach anything of value to a Case, such as the research and analysis behind it, the affected network or business units, recommended courses of action, or enrichment details pulled from other tools.
Workflow Attributes let you and your team leaders ensure that the most important elements of a Case are captured, and they make coordination easier between teams that use different Case formats.