ThreatConnect 6.4 allows security operations and CTI analysts to improve threat intelligence process

ThreatConnect is announcing ThreatConnect 6.4, which introduces new capabilities that allow security operations and cyber threat intelligence (CTI) analysts to get useful context faster during investigations and to better measure team efficiencies.

ThreatConnect combines its Threat Intelligence Platform (TIP) and Security Orchestration and Automation platform (SOAR), creating a continuous feedback loop that helps make Intelligence-Driven Operations a reality. This latest product release builds upon the foundation of Intelligence-Driven Operations, empowering the workflow of threat intelligence and security operations teams individually and together.

The 6.4 release helps CTI and security operations center (SOC) teams get more context quickly, enabling faster investigations for both. CTI teams are enabled to more easily build and maintain a dynamic threat library, while updated dashboards allow SOC and IR leaders to accelerate the team’s efficiency. Three new features empower these capabilities:

• Explore With CAL to better understand the complex relationships of threat indicators with a graph-based interface into our Collective Analytics Layer
• Browser Extension V2 to build context around threats quickly and enhance your threat library
• New Workflow Metrics to drive operational efficiencies, helping SOC teams learn how to optimize their tools, team processes, and automations

“With the release of ThreatConnect 6.4 we’re making good on our vision and promise to security operations and cyber threat intelligence teams to deliver capabilities that will allow them to make decisions faster with more relevant context,” said Andy Pendergast, co-founder and EVP of Product at ThreatConnect. “We’re enabling insights across teams to help them observe and orient to threats to their environment faster with intelligence, and then decide and act at scale with our robust orchestration and automation capabilities.”

Explore With CAL

Threat Connect’s Collective Analytics Layer (CAL) is an innovative architecture that distills billions of data points, offering immediate insights into the nature, prevalence, and relevance of a threat. CAL provides global context that leverages anonymously shared insights from ThreatConnect users, open-source intelligence, malware intelligence, and numerous other collections.

When conducting research and investigation into a particular threat, this new capability lets analysts pivot directly within the CAL dataset in an intuitive graph-based interface to understand the complex, infrastructure-based relationships and reputation that exist with a particular indicator of compromise (IOC).

Browser Extension

The latest iteration of the ThreatConnect Browser Extension moves beyond providing information about IOCs, enabling users with the capability to scan an online resource for potential threat actor names and their tools. This provides a desirable CAL enabled “Rosetta Stone” to match common threat actor aliases as well as insights on the entity regardless of which name is used.

When conducting research and investigation into a particular threat, analysts now have the ability to use multiple sources of threat intelligence to identify relevant pieces of information from any web-based resource. This is a critical capability when it comes to quickly understanding the severity level of the threat and allows one to add it to their threat library for future analysis and investigation efforts.

Workflow Metrics

Workflow metrics amplify the visibility of your security operations, providing important key performance indicators (KPIs) that help measure whether people, tools, and technologies are working together efficiently. 6.4 introduces enhancements to Workflow Metrics, providing deeper insights that show trends for detection and response across a period of time. SOC team leaders can also gain perspective on the distribution of team case assignments as well as how to best prioritize unassigned cases.

The addition of a dashboard visualization showing Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR) over variable periods of time can help SOC leaders evaluate detection and response trends. New, simple to configure dashboard cards for active and unassigned cases lets team leads make more informed decisions when managing the workload of the team.

ThreatConnect’s risk-led, intelligence-driven approach reduces complexity, integrating processes and technologies to continually strengthen defenses, drive down risk, and revolutionize the way customers protect their organizations by turning intelligence into action.