ThreatConnect 6.1 improves collaboration between intelligence analysts and security operations

By | 6:13 PM Leave a Comment

ThreatConnect released ThreatConnect 6.1, which significantly improves collaboration between intelligence analysts and security operations personnel through an enhanced integration of ThreatConnect’s leading Threat Intelligence Platform (TIP) and Security Orchestration, Automation and Response (SOAR).

ThreatConnect, the first in market to truly integrate TIP and SOAR capabilities, continues to change the way security works.

The only company with Cyber Risk Quantification (CRQ), TIP and SOAR capabilities combined, ThreatConnect unifies the actions of the security team around the most critical risks, supports their response with streamlined and automated workflows and strengthens the entire security ecosystem through powerful technology integrations.

ThreatConnect 6.1 provides threat intelligence analysts a direct window into ground-truth operational data, while simultaneously giving SOC analysts a single-page view of relevant, contextualized intelligence, all the way to the adversary level.

“This new release is going to drive significant improvements in the way threat intelligence and security operations work together,” said Andy Pendergast, co-founder and EVP of Product at ThreatConnect.

“By enabling multiple teams to work together in one platform, you enable your security teams to focus on the most critical threats first, while encouraging more effective team collaboration and reducing silos.

“Because cross-team insights are presented directly in the software, rather than through complex integrations and procedures, response time is improved dramatically.”

ThreatConnect 6.1 introduces three new key capabilities:

  • Linking Cases and Intelligence
  • Report Cards Everywhere
  • Actionable Artifact Context

Linking cases and intelligence

When looking at a specific adversary, Threat Intel analysts now have the ability to see all the cases that their team has investigated related to that adversary to understand if it’s something that has been seen before in their organization.

This is a critical capability when it comes to detecting and understanding the potential motives behind campaigns targeting your organization.

ThreatConnect 6.1 provides this access from the same page an analyst does their initial adversary analysis, which saves time and reduces frustration.

Through this critical functionality, associations can now be made across indicators, groups, and cases, enabling analysts to memorialize new intelligence and link it to ongoing and past investigations.

Actionable artifact context

Just knowing an artifact exists and that it is related to an investigation is not enough. With the release of 6.1, ThreatConnect has significantly expanded the amount of context provided to a SOC analyst when viewing Case Artifacts.

Now, when a SOC analyst is investigating a Case, they’re armed with the threat intelligence they need to make more informed decisions without leaving the page.

Many companies have already amassed a wealth of threat data in ThreatConnect, which can now automatically be brought into new cases and workflows to improve SOC and incident response times.

By leveraging Collective Analytics Layer (CAL), ThreatConnect’s crowd sourced threat repository with billions of data points, both new and existing users can now see which Task added the Artifact, derived indicators, and much more.

ThreatConnect 6.1 improves the way users interact with artifacts, makes it easier to prioritize artifacts based on criticality, and adds additional context for better understanding of individual artifacts.

“ThreatConnect is changing the way security works. And with ThreatConnect 6.1, we’re improving collaboration between your security teams by eliminating intelligence and operational silos, helping analysts make better decisions, and ensuring that your security enterprise remains focused on what matters most,” said Pendergast.

Report cards everywhere

Report Cards Everywhere solves a significant problem that analysts have been dealing with for years: Assessing the trustworthiness of a piece of intelligence and determining which of their many intelligence feeds are providing the highest fidelity information.

Report Cards Everywhere not only helps analysts evaluate the efficiency and accuracy of threat intelligence feeds, it provides a more holistic, moment-in-time, understanding of the specific piece of intelligence from the same interface they’re working from — saving time and improving efficiency.

It also enables the organization to prioritize investments in the most valuable intelligence feeds and offload those that do not produce actionable insights.

In ThreatConnect 6.1, all users now have access to Report Cards and can access information on feeds directly from the Indicator Details page.


from Help Net Security https://ift.tt/3kpbkoc

0 comments:

Post a Comment