ThreatConnect

ThreatConnect is a full-featured, community-enabled security intelligence solution that stops cyber threats by putting actionable threat intelligence into the hands of cyber defenders.   Designed by analysts for analysts, cyber operators can use ThreatConnect to input and share threat indicators, crowdsource cyber analysis problems, collaborate across security events, provide common reporting, and most importantly to protect their organization against sophisticated cyber threats. ThreatConnect’s powerful, automated threat analysis engine allows organizations to manage cyber threats throughout their lifecycle and pay attention to what matters, so they can take focused defensive actions.

• Overview

• Coordination

• Automation

• Workflow

• Data Integration

With ThreatConnect, you can:

• Identify common links between indicators
• Conduct suspicious email analysis
• Track adversary infrastructure
• Make connections across shared indicators, events, incidents, and threats
• Support community data enrichment, rating, and collaboration
• Unite your efforts and stand together

The adversaries are sharing with each other, and so should we.  Since adversaries tend to reuse tradecraft between attacks, analysts across the community have asked for a way to coordinate and share their analytic findings in real time. ThreatConnect supports sharing of threat analysis across organizations and trusted communities. Connected users can discuss the threat activity they are observing or collaborate around a shared incident or campaign.  With ThreatConnect, you have the power to share with those you trust, with the flexibility to decide what you share.

• Connections: The first step to working as a team is making a “connection.”   All you need to do is invite another analyst or organization to connect by accessing Connections in ThreatConnect, clicking New and entering the user’s email address.  Once the email is received, the recipient can complete the connection process.
• Sharing: While you have the ability to see your connections, this does not mean that you’ve shared anything.  With ThreatConnect, you control exactly what you share and with whom.
• Teamwork: Think virtual water cooler.  ThreatConnect provides a place where analysts can collaborate freely around the threat.  Connected users can discuss the threat activity they are observing or collaborate around a shared incident or campaign.
• Enrichments: Provide the ability to make informal recommendations or authoritative statements about indicators, threats, campaigns, and incidents.
• Community Ratings: Through our community driven rating system, you can see individual and community analyst confidence levels.  You can also quickly determine analyst’s accuracy and confidence surrounding threats, interpret “group think” assessments, as well as consider “alternate competing hypotheses” and dissenting views.
• Get Help: No one has all of the answers.  If you need help from time to time, or want a second opinion, Cyber Squared’s Intelligence Support Team (C2IST) can be accessed through ThreatConnect.  They are the people to turn to when you have hit a wall.

ThreatConnect’s powerful, automated threat analysis engine lets organizations manage cyber threats throughout their lifecycle and pay attention to what matters, so they can take focused defensive actions.  ThreatConnect.com builds awareness of cyber threats more effectively than any tool on the market.

• Track: The majority of sophisticated security events contain malware that rely on dynamic infrastructure to communicate. ThreatConnect provides real time tracking for the most up-to-date understanding of the infrastructure utilized by a threat.
• Malware: Timely malware analysis is a critical starting point across all events. ThreatConnect utilizes the power of malware analysis engines to initiate mitigation processes without the overhead of an internal malware analysis shop.
• Notify: Swift action is needed against targeted threats. Analysts must notify community stakeholders of their analytic results in a timely manner. ThreatConnect notifications allow you to ‘follow’ what you are interested in and receive notifications of threat activity when it matters most.
• Protect: Support for integration across existing network defense staffs and products is required. ThreatConnect supports collaborative signature development and sharing, so intelligence produced both inside of ThreatConnect and community derived signatures can be utilized across your enterprises’ defensive solutions.

With ThreatConnect’s intuitive and secure user interface, you will be analyzing security threats and working with the community within minutes.  ThreatConnect brings together the best elements found within security mailing lists, automated malware analysis, domain intelligence services, and reporting into a single easy to use platform.

• No training needed: Analyst productivity was a primary concern, so ThreatConnect was thoughtfully designed with best practice processes in mind.  A clean, well-designed interface makes using ThreatConnect.com intuitive for any skill level.
• Work Together: ThreatConnect provides a place where analysts can coordinate their efforts.  Connected users can discuss the threat activity they are observing, carry out day-to-day analysis tasks, or plan a response around a shared incident or campaign.
• Keep a Record: ThreatConnect tracks analysis as you and your team carry out your objectives.  This allows someone else on the team to pick up where another leaves off and monitor progress throughout the life cycle of analysis.
• Outsourcing: Cyber Squared’s Intelligence Support Team (C2IST) can be accessed through ThreatConnect.  They are the people to turn to when you need some help.

The dynamic and persistent nature of the cyber adversary significantly decreases the effectiveness of even well-staffed and trained network defense organizations.  Today, cyber threats are being analyzed and tracked manually with various toolsets, and are reported on in various means, informally and formally.  Often times, “circular reporting” is consumed by analysts across the community which results in costly redundant efforts and slow response times during critical moments when minutes count to protect the organization.

• Standardizing “Searchable” Threat Data: Analysts use a variety of approaches to collect, fuse, and analyze the threat indicators uncovered during cyber intelligence, network defense, and incident response processes.  By leveraging ThreatConnect to conduct collections and fuse this information, a pro-active defense, response and mitigation effort can be put in place more quickly.
• Email Phishing Analysis: If an email is suspicious, submit it to ThreatConnect.com for analysis.  ThreatConnect automatically analyzes the header, attachments, and body, and provides you with a score based on all the data within ThreatConnect.  You can then associate the email and it’s indicators with an existing or new incident or threat.
• Data Analysis: ThreatConnect provides support for standard reporting and trending (Threat A over 12 months), early warning (Threat A may be targeting Industry B), and notifications (Threat A has changed).
• Export & Reporting: You will need to use your new found threat data to protect your organization. With ThreatConnect simply export the data and use it as you wish.

ThreatConnect is available for purchase as either on-premise, or cloud hosted software. Also, since our corporate mission is to make protection against targeted attacks by sophisticated threats affordable and available to everyone, we are additionally working on a Software as a Service (SaaS) option. If you are interested in the on-premise or cloud hosted product, please contact us for more information.  If you are interested in learning more about the SaaS offering, or registering for an account, go to www.threatconnect.com.