ThreatConnect released ThreatConnect Platform 7.0 designed specifically for TI Ops. The new release increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation.
“Legacy approaches to threat intelligence are no longer sufficient to protect the enterprise in a world of an expanding attack surface and increasing velocity and sophistication of threats,” said Andrew Pendergast, EVP of Product at ThreatConnect.
“Security operations must modernize by adopting a new approach that puts threat intelligence at the core of everything – aggregating TI from multiple sources, prioritizing the most dangerous threats, and taking timely action so security programs can be strategic and proactive,” added Pendergast.
The ThreatConnect Platform enables organizations to achieve alignment between security operations and the critical risks to the business as well as better security efficiencies and greater effectiveness, including faster time to mitigate critical vulnerabilities and faster mean time to detect (MTTD) and respond (MTTR) to threats.
In a recent survey of ThreatConnect customers, more than 68% of respondents said that the product helped them improve their MTTR by more than 50%. In the same survey, 95% of respondents noted that ThreatConnect enabled them to get more value from their existing security tools such as SIEM, XDR, and SOAR.
Customers can now go beyond just managing threat intel to operationalizing it and fusing it across every part of your security program, from threat investigation to incident response to vulnerability management.
ML-powered global intelligence and analytics with CAL v3.0
With the introduction of a native natural language processing (NLP) to the ThreatConnect Platform now automates many analyst activities saving them time and effort. CAL now has the ability to understand MITRE ATT&CK techniques. This capability underpins the new CAL Automated Threat Library (ATL) intelligence. Analysts no longer need to visit dozens of blogs and news sources every day, analyzing the sources for indicators, threat actors, and ATT&CK techniques, and copying and pasting relevant intel.
CAL ATL automatically aggregates, enriches, scores,analyzes, and filters more than 60 top threat intel-related news sources into an intel feed ready to be used in the ThreatConnect Platform with more sources being added all the time.
Native reporting engine
The CISO down to security analysts need timely and relevant information and insights to make strategic, tactical, and operational decisions. With ThreatConnect’s native Reporting engine, customers can easily create custom reports to put actionable information in front of the right people at the right time to improve defenses.
With this new capability, users can create reports directly in the Platform using the built-in report editor, saving time and effort by leveraging the intelligence already aggregated and built from your threat library in ThreatConnect with powerful graphs, charts, and free form text..
Built-in Enrichment with our top enrichment provider partners automates and streamlines the process of adding context to Indicators of Compromise. Users will have a simple, plug-and-play experience to have the most common enrichment providers set up throughout the ThreatConnect platform, helping them to identify false positives, and to pull out actionable intelligence to improve detection efficacy and speed up threat response.