Episode IV: A New Scope
•Download as PPTX, PDF•
1 like•291 views
This presentation will lay out the latest improvements and features in the platform while highlighting the ways that you and your team will be able to benefit from them. You'll learn: - How to make analysts' lives easier - How to unite and empower your threat intel team - Evaluating the return on investment in threat intelligence - New ways to visualize threat intel - The value of using one platform for everything
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Episode IV: A New Scope
Similar to Episode IV: A New Scope (20)
More from ThreatConnect
More from ThreatConnect (6)
Recently uploaded
Recently uploaded (20)
Episode IV: A New Scope
- 1. 1All material confidential and proprietary February 2016 EPISODE IV: A NEW SCOPE
- 2. 2All material confidential and proprietary Bhaskar Karambelkar Data Science Lead Dan Cole Director of Product Management TODAY’S PRESENTERS © 2016 ThreatConnect, Inc. All Rights Reserved
- 3. 3All material confidential and proprietary ONE PLATFORM FOR MAKING INTELLIGENCE DRIVEN SECURITY DECISIONS ACROSS YOUR ENTERPRISE TI Team SOC Team IR Team ISAC/ISAO SIEM IPS/IDS End-point Protection Firewalls/UTM Intelligence Feeds Network Controls Vulnerability Scanner Web Proxy Public Community Private Community CISO/ CIO C-Suite/Board
- 4. 4All material confidential and proprietary THE THREATCONNECT PLATFORM © 2016 ThreatConnect, Inc. All Rights Reserved
- 5. 5All material confidential and proprietary INTEGRATIONS Premium Intelligence Solutions
- 6. 6All material confidential and proprietary
- 7. 7All material confidential and proprietary New Dashboard User Interface NEW WAYS TO VISUALIZE YOUR INTEL UI
- 8. 8All material confidential and proprietary Relevance Accuracy Quality EVALUATE THE RETURN ON YOUR INVESTMENT IN YOUR THREAT INTELLIGENCE • Rate sources using a threat rating and confidence rating scale • Observations allow users to see how relevant their intelligence sources are in the platform • False positives reporting capability ✓
- 9. 9All material confidential and proprietary JavaScript SDK Application Spaces UNITE AND EMPOWER YOUR THREAT INTEL TEAM
- 10. 10All material confidential and proprietary Intel Visualizatio n Automated Enrichment MAKE ANALYSTS’ LIVES EASIER
- 11. 11All material confidential and proprietary DIAMOND MODEL © 2016 ThreatConnect, Inc. All Rights Reserved
- 12. 12All material confidential and proprietary THREATCONNECT DASHBOARD www.threatconnect.com/threatconnect-4-0-now-with-a-real-dashboard/
- 13. 13All material confidential and proprietary INDICATOR ACTIVITY © 2016 ThreatConnect, Inc. All Rights Reserved • Distinguish between enriched and non- enriched indicators • Shows a trend-line to indicate cumulative growth • Shows a breakdown by indicator type • Scope of the data can be global/community/organization/ feed
- 14. 14All material confidential and proprietary SOURCE MAGIC QUADRANTS • Plots feed sources on threat ratings v/s confidence quadrants • Size determines quantity and opacity determines enrichment • Allows comparison of feeds • One stop shop to get to know, compare, and evaluate TI feeds • Current metrics are more subjective than objective © 2016 ThreatConnect, Inc. All Rights Reserved
- 15. 15All material confidential and proprietary INTELLIGENCE & ACTIVITIES © 2016 ThreatConnect, Inc. All Rights Reserved • Shows current value and a trend-line with historic data • Trend-lines serve dual purpose
- 16. 16All material confidential and proprietary WHAT’S COMING? © 2016 ThreatConnect, Inc. All Rights Reserved Sharing incentives • More incentives for sharing data between community, with a symbiotic eco-system Dashboard upgrade • More powerful and interactive dashboard Enhanced metrics • More meaningful and objective metrics for IOC/feed ratings/confidence More reporting and analysis features • More apps and features for data visualizations reporting and analysis More powerful, streamlined SIEM integrations
- 17. 17All material confidential and proprietary THE FORCE IS STRONG WITH OUR PLATFORM IF THE EMPEROR KNEW LUKE COULD TARGET WOMP RATS, MAYBE HE WOULD HAVE PROTECTED HIS EXHAUST PORT. www.threatconnect.com/diamond-model-threat-intelligence-star-wars/
- 18. 18All material confidential and proprietary QUESTIONS? © 2016 ThreatConnect, Inc. All Rights Reserved
- 19. 19All material confidential and proprietary • See a personalized Demo • www.threatconnect.com/request-a-demo • Sign up for Free Account • www.threatconnect.com/free TAKE ACTION © 2016 ThreatConnect, Inc. All Rights Reserved
- 20. 20All material confidential and proprietary dcole@threatconnect.com info@threatconnect.com www.threatconnect.com THANK YOU
Editor's Notes
- Hello and welcome to this ThreatConnect webinar event In this webinar we will introduce ThreatConnect version 4.0, which we have playfully nicknamed Episode IV: A New Scope (as major Star Wars geeks we just couldn’t help ourselves) This presentation will lay out the latest improvements and features in the platform while highlighting the ways that you and your team will be able to benefit from them. Slides from this presentation along with a recording of this webinar will both be available upon request following the live event. Today’s presenters include Dan Cole, our Director of Product Management and Bhaskar Karambelkar, Data Science Lead I’ll hand it off to Dan now to get things started…
- Today’s presenters include Dan Cole, our Director of Product Management and Bhaskar Karambelkar, Data Science Lead I’ll hand it off to Dan now to get things started…
- You need to look at a platform oriented approach to protecting your organization. You need a threat intelligence platform. You need one platform that allows you to manage your entire threat intelligence and security practice. To manage your entire security posture. You need to be able to affectively collaborate internally with your security stakeholders and teams, externally with communities and ISAC/ISAOs. You need to be able to tie your entire security infrastructure together via API integrations to make your firewalls, IPS/IDS, network controls, etc. smarter and increase your teams efficiency, allowing them to act on threats automatically. You need a platform that can help you evaluate the value of your data feeds and your network defense products. You need a platform that allows you as the CISO to evaluate your security spend and make targeted investment decisions. You need a platform that allows your team to better execute on your security plans.
- Threatconnect has a powerful API integration. We currently have stable integrations with well over a dozen intelligence providers and solutions. Our platform was fundamentally built to easily integrate with what ever solutions or intelligence feeds you might already subscribe to/use or plan to subscribe to/use in the future. Our API is open and flexible, it was designed to have no integration limitations.
- Speed up your analysis, see more threat patterns, and better protect your organization from threats with our new dashboard. Get a a concise visualization of all of your data, and take a look at our completely new user interface (UI).t Updated User Interface -- ThreatConnect’s new UI easier to use and faster to navigate, so you can more readily understand your intel and take action. The new UI is also fully responsive, so it can be viewed on any device. You can now take your threat intelligence with you wherever you go. New Dashboard -- Our new dashboard has greatly increased functionality. Now you can see an overview of your ThreatConnect data and your team’s tasks all in one screen. The dashboard’s main data visualizations include sources, indicators, intelligence and activities. Differentiate the quality of your sources by enrichment, quantity and confidence, to more easily characterize and compare your intelligence. Quickly see an overview of all team members’ tasks to ensure maximum efficiency and collaboration.
- With our ROI for Threat Intelligence feature in ThreatConnect, you will finally be able to get insight into the effectiveness of your intelligence sources. You can now differentiate your sources by quality, relevance, and accuracy. Quality -- ThreatConnect’s TIP allows you to rate your sources using a threat rating scale and a confidence rating scale that is built right into the source configuration. Once you determine how severe the threat is and how confident you are in the information, all of the data scraped from the source will then be automatically assigned with those ratings. Relevance -- ThreatConnect Observations allow users to see how relevant their intel sources are within the platform. By integrating with third-party intelligence providers, ThreatConnect can record how often a particular indicator is observed on a user’s network and tie it back to the source in the platform. Accuracy -- ThreatConnect now has false positive reporting capability. An analyst can see if an indicator is known as good, even if it is associated to an incident. This allows analysts to focus their time and effort on real threats.
- You want to work with your data and your team, your way. And you want it in a way that your whole team can utilize. With the new, enhanced software development kit (SDK) available through ThreatConnect Episode IV: A New Scope, you can both build apps using JavaScript and host your apps in one central environment. New Application Spaces Feature -- ThreatConnect now lets you build apps, host and view them directly in the platform. Apps can be “platform-wide” and hosted in a central location, or built so they’re “context-aware” and hosted as part of specific types of indicators. Apps can also talk to one another so you can chain them together, helping unite and visualize all your threat intel in a more seamless experience. JavaScript SDK -- With the new JavaScript SDK, you can also build web-based apps using JavaScript, enabling you to customize ThreatConnect even more. You can build and use apps without knowledge of complicated programming languages like Python or Java, creating more opportunity to customize and collaborate, greatly extending your threat intelligence platform and uniting your entire team.
- The more we can help automate manual tasks, the more time you --the analysts --can spend on analyzing your threat intelligence. Automated Enrichment of Indicators -- ThreatConnect now offers automated enrichment of indicators through our third party apps. The indicators will now be automatically enriched with data from the apps, enabling quicker and easier analysis. In-Platform Threat Intelligence Visualization -- You already get your threat intelligence from a number of places. With ThreatConnect’s visualization app, you can see all of your data -- indicators, adversaries, threats, tags, emails, incidents, etc -- at the same time. In the app, visualize all of your data, and pivot between them at will. By visualizing your threat intelligence sources, you can more easily understand the relationships between them, making your analysis more effective and efficient than ever before.
- The Diamond Model for Intrusion Analysis, a DOD developed standard for recording intrusion related information, co-authored by a TC co-founder. Major Points 4 corners , Two axis (Socio Political and Technical). Allows you to capture details of an intrusion along the 4 corners and the 2 axis. Allows you to pivot from one corner on to other across incidents.
- Brand new Dashboard in 4.0 4 Major Sections Sources, Indicators, Intelligence and Activities One stop shop for all your information in the platform. Allows you to view real time as well as historic information. Focused on showing you what’s really important in a meaningful way and not bling bling DataViz. Built on principles of good industry and academia approved Data Viz practices.
- Thank you Bhaskar. For our fellow Star Wars junkies I wanted to be sure to share our blog post from last year from our own Wade Baker, titled “Luke in the Sky with Diamonds” where we applied the Diamond Model for Intrusion Analysis to the Star Wars Battle of Yavin, which takes place in the original star wars movie (a New Hope). The URL to this blog post is listed on the slide plus you can also download the PDF version that is attached in the “Handouts” section of your GoToWebinar viewing unit.
- We’ll take a few minutes now to answer a couple of interesting questions that have come in. Can you provide some examples on what kinds of apps people can build in Spaces? It was mentioned that more integrations are coming, can you tell us about some that are currently in the works?
- Before we wrap up here I wanted to encourage all of our viewers to request a personalized demo, these can be tailored specifically to your organization and they are a great medium for addressing any items in greater detail. You can also sign up for a free account at www.threatconnect.com/free, this is the best way to see the platform in action and experience it on your own.
- And that concludes our webinar for today. I’ve put Dan Cole’s email address here if you have any questions or comments related to this presentation or the product itself. Any general questions related to the company can be sent to info@threatconnect.com and as always you can visit threatconnect.com to stay up to date on all the latest content, events, blog posts and more. Thank you to everyone for tuning in and spending some time with us, have a great rest of your day. See you next time.