ThreatConnect introduces Workflow

Latest version enables security teams to make faster and more informed decisions by providing a single Platform for threat intelligence analysis, incident response plans, and security processes.


ThreatConnect, Inc.®, provider of the industry’s only intelligence-driven security operations platform, is proud to announce the release of ThreatConnect version 6.0. Among other features in this new release, ThreatConnect introduces Workflow, which enables interactive intelligence-powered investigation and case management capabilities for Incident Responders, Security Operations Analysts, and Cyber Threat Intelligence Analysts. ThreatConnect’s Workflow functionality reduces the risk of missing critical steps and relevant artifacts, and decreases the time it takes to uncover relevant intelligence.

 

ThreatConnect Workflow allows security teams to investigate, track, and collaborate on information related to threats and incidents with automated and manual tasks and standardised, consistent processes - all from a central location. Security team members using the ThreatConnect Platform now have a mechanism that correlates artifacts from an investigation to existing intelligence, as well as historical case data from past incidents and investigations. The Platform allows users to not only enrich cases with both internal and external threat intelligence, but also generate intelligence from those cases to be used to enhance detection, prevention, and to build out a library of relevant threats facing the organisation. This leads to a more complete picture and better understanding of an organisation’s own internal threats.

 

Adam Vincent, ThreatConnect CEO, said, “With Workflow, we have realised the vision we had for the core capabilities of our Platform. Nine years ago we set out to build a platform with the necessary capabilities to improve the cyber analysis process. We led with threat intelligence, then developed orchestration and automation through Playbooks, and now, Workflows. With ThreatConnect, security teams have a Platform that is a single source for their intel, response plans, and processes that provides a common reference point enabling collaboration, consistency, and that increases accuracy for threat-based decision making.”

 

ThreatConnect’s combination of security orchestration, automation, and response (SOAR) and threat intelligence provides the ability to enhance human and machine-driven security processes with internal and external intelligence on threat actors, attack techniques using MITRE ATT&CK™, and traditional indicators of compromise. In addition to improving response time with consistent and documented processes, this allows teams to maximise the amount of internally sourced threat intelligence obtained from incident response and operations teams.

 

In addition to Workflow, other 6.0 features include:

  • Custom User Roles - customers are now able to give more users access to the platform based on their specific and unique requirements without jeopardising data or process integrity.
  • Unlimited Read-Only & Commenter User Licensing - allows customers with designated ThreatConnect licenses to add unlimited read-only, commenter, and read-only API users to the team, giving more individuals the ability to explore data captured in the ThreatConnect Platform.
  • App Services - users now have additional ways to loop ThreatConnect into their existing technology stack, including custom Playbook triggers, Webhooks, and custom APIs. Furthermore, they can develop these capabilities directly from App Builder, and new Service app integrations will be made available through App Catalog.

 

ThreatConnect’s 6.0 release will be generally available to all existing and customers by the end of Q1.
