ThreatConnect is announcing the achievement of SOC 2 compliance and the release of ThreatConnect 6.5.
This release introduces new capabilities that provide security operations and cyber threat intelligence (CTI) analysts with an improved threat intelligence and investigations experience with better visualizations, more context, and more automation. It also introduces enhancements for multi-tenant environments and optimizes the analyst experience by reducing management overhead and streamlining analysts’ ways of working.
ThreatConnect has obtained a satisfactory SOC 2 Type 2 report for its ThreatConnect Platform and Risk Quantifier (RQ) products. SOC 2 examination and reporting standards are defined by the American Institute of Certified Public Accountants (AICPA). ThreatConnect’s SOC 2 examination was performed by an independent CPA firm, Schellman & Company, LLC (“Schellman”), who performed a “Type 2” examination that tested the effectiveness of ThreatConnect controls in security, availability, and confidentiality over an extended period of time.
The ThreatConnect Platform enables end-to-end threat intelligence operations and security orchestration, automation, and response (SOAR), creating a continuous feedback loop that helps make Intelligence-Driven Operations a reality.
ThreatConnect unifies the actions of the security team around the most critical risks, supports their response with streamlined and automated workflows, strengthens the entire security ecosystem through powerful technology integrations, and supports centralized incident management and knowledge capture. This latest product release builds upon the foundation of Intelligence-Driven Operations, empowering the work of threat intelligence and security operations teams individually and together.
The 6.5 release introduces the following new and improved capabilities:
- Explore in Graph improves the threat intelligence and investigations experience with better visualizations and more insights and context
- Automate Linking Intelligence to Cases to build playbooks and associate intelligence efficiently, reducing manual tasks and improving processes
- Workflow Metrics expansion with a new metric to measure and monitor analyst efficiency
- Super User streamlines the access management, operations, and visibility for analysts working in multi-tenant environments, like MSSPs and MDRs
Explore With Graph
Explore with Graph provides threat intelligence and SOC analysts with an improved threat intelligence and investigations experience through better visualizations and more context and insights from ThreatConnect’s Collective Analytics Layer (CAL™). This allows analysts to connect indicators and other intelligence faster and more intuitively than ever before.
Automate linking of intelligence to cases
ThreatConnect has updated its v3 API in this release so that users can associate intelligence with cases programmatically, drastically reducing the time analysts spend on manual work.
ThreatConnect’s risk-led, intelligence-driven approach reduces complexity, integrates processes and technologies to continually strengthen defenses and drive down risk, and revolutionizes how customers protect their organizations by turning intelligence into action.
Workflow metrics – analyst efficiency
Gaining real-time insight into their security operations team is crucial for security leaders. Dashboards can easily be created with the key performance indicators available in the ThreatConnect Platform. With the newly added ‘Analyst’s Efficiency Metrics,’ starting with the Top 10 Case Closing Analysts metric, it’s easier for leaders to understand the team’s performance and optimize their work.
In organizations with multi-tenant and tiered deployments, the Super User capability is vital to ease the logistical burden. With it, an MSSP, MDR provider, or multi-tiered enterprise organization has a single-pane view of all attacks across its customer base or various environments.
Within a single view, analysts can quickly investigate and confirm whether an indicator has been seen or an attack is happening with other customers or organizations and quickly take action.