This presentation will lay out the latest improvements and features in the platform while highlighting the ways that you and your team will be able to benefit from them.
You'll learn:
- How to make analysts' lives easier
- How to unite and empower your threat intel team
- Evaluating the return on investment in threat intelligence
- New ways to visualize threat intel
- The value of using one platform for everything
All material confidential and proprietary
ONE PLATFORM FOR MAKING INTELLIGENCE DRIVEN SECURITY DECISIONS ACROSS YOUR ENTERPRISE
TI Team
SOC Team
IR Team
ISAC/ISAO
SIEM
IPS/IDS
End-point Protection
Firewalls/UTM
Intelligence Feeds
Network Controls
Vulnerability Scanner
Web Proxy
Public Community
Private Community
CISO/ CIO
C-Suite/Board
New Dashboard
User Interface
NEW WAYS TO VISUALIZE YOUR INTEL
UI
Relevance
Accuracy
Quality
EVALUATE THE RETURN ON YOUR INVESTMENT IN YOUR THREAT INTELLIGENCE
• Rate sources using a threat rating and confidence rating scale
• Observations allow users to see how relevant their intelligence sources are in the platform
• False positives reporting capability
JavaScript SDK
Application Spaces
UNITE AND EMPOWER YOUR THREAT INTEL TEAM
Intel Visualization
Automated Enrichment
MAKE ANALYSTS’ LIVES EASIER
THE FORCE IS STRONG WITH OUR PLATFORM
IF THE EMPEROR KNEW LUKE COULD TARGET WOMP RATS, MAYBE HE WOULD HAVE PROTECTED HIS EXHAUST PORT.
www.threatconnect.com/diamond-model-threat-intelligence-star-wars/
dcole@threatconnect.com
info@threatconnect.com
www.threatconnect.com
THANK YOU
Editor's Notes
Hello and welcome to this ThreatConnect webinar event
In this webinar we will introduce ThreatConnect version 4.0, which we have playfully nicknamed Episode IV: A New Scope (as major Star Wars geeks we just couldn’t help ourselves)
This presentation will lay out the latest improvements and features in the platform while highlighting the ways that you and your team will be able to benefit from them. Slides from this presentation along with a recording of this webinar will both be available upon request following the live event.
Today’s presenters include Dan Cole, our Director of Product Management and Bhaskar Karambelkar, Data Science Lead
I’ll hand it off to Dan now to get things started…
You need to look at a platform oriented approach to protecting your organization.
You need a threat intelligence platform.
You need one platform that allows you to manage your entire threat intelligence and security practice. To manage your entire security posture.
You need to be able to effectively collaborate internally with your security stakeholders and teams, externally with communities and ISAC/ISAOs.
You need to be able to tie your entire security infrastructure together via API integrations to make your firewalls, IPS/IDS, network controls, etc. smarter and increase your team's efficiency, allowing them to act on threats automatically.
You need a platform that can help you evaluate the value of your data feeds and your network defense products.
You need a platform that allows you as the CISO to evaluate your security spend and make targeted investment decisions.
You need a platform that allows your team to better execute on your security plans.
ThreatConnect has a powerful API integration.
We currently have stable integrations with well over a dozen intelligence providers and solutions.
Our platform was fundamentally built to easily integrate with whatever solutions or intelligence feeds you might already subscribe to/use or plan to subscribe to/use in the future.
Our API is open and flexible; it was designed to have no integration limitations.
Speed up your analysis, see more threat patterns, and better protect your organization from threats with our new dashboard. Get a concise visualization of all of your data, and take a look at our completely new user interface (UI).
Updated User Interface -- ThreatConnect’s new UI is easier to use and faster to navigate, so you can more readily understand your intel and take action. The new UI is also fully responsive, so it can be viewed on any device. You can now take your threat intelligence with you wherever you go.
New Dashboard -- Our new dashboard has greatly increased functionality. Now you can see an overview of your ThreatConnect data and your team’s tasks all in one screen. The dashboard’s main data visualizations include sources, indicators, intelligence and activities. Differentiate the quality of your sources by enrichment, quantity and confidence, to more easily characterize and compare your intelligence. Quickly see an overview of all team members’ tasks to ensure maximum efficiency and collaboration.
With our ROI for Threat Intelligence feature in ThreatConnect, you will finally be able to get insight into the effectiveness of your intelligence sources. You can now differentiate your sources by quality, relevance, and accuracy.
Quality -- ThreatConnect’s TIP allows you to rate your sources using a threat rating scale and a confidence rating scale that is built right into the source configuration. Once you determine how severe the threat is and how confident you are in the information, all of the data scraped from the source will then be automatically assigned with those ratings.
Relevance -- ThreatConnect Observations allow users to see how relevant their intel sources are within the platform. By integrating with third-party intelligence providers, ThreatConnect can record how often a particular indicator is observed on a user’s network and tie it back to the source in the platform.
Accuracy -- ThreatConnect now has false positive reporting capability. An analyst can see if an indicator is known as good, even if it is associated to an incident. This allows analysts to focus their time and effort on real threats.
You want to work with your data and your team, your way. And you want it in a way that your whole team can utilize. With the new, enhanced software development kit (SDK) available through ThreatConnect Episode IV: A New Scope, you can both build apps using JavaScript and host your apps in one central environment.
New Application Spaces Feature -- ThreatConnect now lets you build apps, host and view them directly in the platform. Apps can be “platform-wide” and hosted in a central location, or built so they’re “context-aware” and hosted as part of specific types of indicators. Apps can also talk to one another so you can chain them together, helping unite and visualize all your threat intel in a more seamless experience.
JavaScript SDK -- With the new JavaScript SDK, you can also build web-based apps using JavaScript, enabling you to customize ThreatConnect even more. You can build and use apps without knowledge of complicated programming languages like Python or Java, creating more opportunity to customize and collaborate, greatly extending your threat intelligence platform and uniting your entire team.
The more we can help automate manual tasks, the more time you -- the analysts -- can spend on analyzing your threat intelligence.
Automated Enrichment of Indicators -- ThreatConnect now offers automated enrichment of indicators through our third party apps. The indicators will now be automatically enriched with data from the apps, enabling quicker and easier analysis.
In-Platform Threat Intelligence Visualization -- You already get your threat intelligence from a number of places. With ThreatConnect’s visualization app, you can see all of your data -- indicators, adversaries, threats, tags, emails, incidents, etc -- at the same time. In the app, visualize all of your data, and pivot between them at will. By visualizing your threat intelligence sources, you can more easily understand the relationships between them, making your analysis more effective and efficient than ever before.
The Diamond Model for Intrusion Analysis, a DOD developed standard for recording intrusion related information, co-authored by a TC co-founder.
Major Points
4 corners, two axes (Socio-Political and Technical). Allows you to capture details of an intrusion along the 4 corners and the 2 axes.
Allows you to pivot from one corner to another across incidents.
Brand new Dashboard in 4.0
4 major sections: Sources, Indicators, Intelligence and Activities
One stop shop for all your information in the platform. Allows you to view real time as well as historic information.
Focused on showing you what’s really important in a meaningful way and not bling bling DataViz.
Built on principles of good industry and academia approved Data Viz practices.
Thank you Bhaskar.
For our fellow Star Wars junkies I wanted to be sure to share our blog post from last year from our own Wade Baker, titled “Luke in the Sky with Diamonds”, where we applied the Diamond Model for Intrusion Analysis to the Star Wars Battle of Yavin, which takes place in the original Star Wars movie (A New Hope).
The URL to this blog post is listed on the slide plus you can also download the PDF version that is attached in the “Handouts” section of your GoToWebinar viewing unit.
We’ll take a few minutes now to answer a couple of interesting questions that have come in.
Can you provide some examples on what kinds of apps people can build in Spaces?
It was mentioned that more integrations are coming, can you tell us about some that are currently in the works?
Before we wrap up here I wanted to encourage all of our viewers to request a personalized demo; these can be tailored specifically to your organization and they are a great medium for addressing any items in greater detail.
You can also sign up for a free account at www.threatconnect.com/free; this is the best way to see the platform in action and experience it on your own.
And that concludes our webinar for today.
I’ve put Dan Cole’s email address here if you have any questions or comments related to this presentation or the product itself.
Any general questions related to the company can be sent to info@threatconnect.com and as always you can visit threatconnect.com to stay up to date on all the latest content, events, blog posts and more.
Thank you to everyone for tuning in and spending some time with us, have a great rest of your day. See you next time.