ThreatConnect

ThreatConnect’s mission is to make the internet a safer place by providing a platform that helps organizations better understand and respond to cyber threats. The company aims to achieve this by offering a suite of products that unify threat intelligence, security operations, and risk management, thereby enabling more effective and efficient cyber defense. ThreatConnect’s approach, known as threat intelligence operations (TI Ops), is designed to empower security teams to prioritize and act decisively against the most significant risks to their business. This is accomplished by turning intelligence into action through a combination of analytics, automation, and machine learning.

ThreatConnect has established a strong market reputation, being recognized as one of the fastest-growing private companies in the United States for four consecutive years. The company is trusted by nearly 300 enterprise and government cyber defense teams, including four of the top five software companies and 30 of the world’s largest financial institutions. Its platform is regarded as a comprehensive solution for threat intelligence, and the company is noted for its user-friendly interface and strong customer support. ThreatConnect’s focus on providing a single platform for collective knowledge and action has positioned it as a key player in the cybersecurity industry.

Offerings, Capabilities, and Integrations

ThreatConnect provides a suite of products and services designed to unify threat intelligence, security operations, and cyber risk management. Its platform is built to operationalize threat intelligence, moving beyond simple management to actively integrate it into every facet of a security program. This is achieved through a combination of threat intelligence analysis and management, automation, orchestration, and knowledge capture. A key competitive edge for ThreatConnect is its Collective Analytics Layer (CAL)™, which utilizes AI and machine learning to analyze threat data from a global user community, providing high-fidelity, actionable intelligence. The platform’s low-code automation capabilities allow security teams to create both simple and complex playbooks to standardize processes and automate repetitive tasks. ThreatConnect integrates with a wide array of major security and IT tools, covering areas such as endpoint detection and response, SIEM and analytics, and vulnerability management, which allows for a more cohesive and effective security posture.

Products and Services

ThreatConnect’s offerings are centered around its comprehensive Threat Intelligence Platform (TIP), which serves as the foundation for its product lines. This platform enables organizations to aggregate, analyze, and act on threat intelligence from various sources. The company’s main products and services include:

  • ThreatConnect Platform: This is the company’s flagship offering, a threat intelligence operations (TI Ops) platform that enables the operationalization of threat intelligence. It fuses threat intelligence into security programs, from investigation to incident response and vulnerability management. Key features include AI-powered insights through its Collective Analytics Layer (CAL)™, flexible automation with playbooks, native reporting, and graph visualization of threat data.
  • ThreatConnect Risk Quantifier (RQ): This solution helps organizations quantify cyber risk in financial terms. It enables better decision-making by providing insight into the financial impact of threats and security controls, and helps prioritize investments based on the greatest business risks. This product was strengthened by the acquisition of Nehemiah Security in 2020.
  • ThreatConnect Intelligence: This service provides access to high-fidelity, multi-source threat intelligence. It includes the CAL™ Automated Threat Library (ATL), which processes unstructured open-source intelligence into a structured feed.
  • Security Orchestration, Automation, and Response (SOAR): ThreatConnect provides SOAR capabilities to help automate security workflows and response actions based on threat intelligence.
  • Integrations: ThreatConnect offers a wide range of integrations with other security products and services, including those from CrowdStrike, Microsoft, Splunk, and Mandiant. These integrations span categories like AI, cloud security, data enrichment, and endpoint detection.

Target Customers

ThreatConnect’s target customers are primarily enterprise and government organizations that require advanced cybersecurity capabilities. The company serves a diverse range of industries, with a significant presence in the information technology and services sector. Its customer base includes some of the world’s largest companies, such as top software companies, U.S. banks, airlines, and pharmaceutical companies. ThreatConnect also works with numerous U.S. federal and defense agencies, as well as state governments. These organizations benefit from ThreatConnect’s platform by being able to move from a reactive to a proactive security posture, focusing on the most relevant threats to their business. The platform helps security operations centers (SOCs), incident response teams, and threat hunting teams to collaborate more effectively and make faster, more informed decisions. By quantifying cyber risk, ThreatConnect also enables these organizations to better communicate the return on investment of their security initiatives to executives and boards of directors.

Cloud Integrations and Marketplaces

ThreatConnect offers a range of integrations with major cloud providers and maintains a presence on several cloud marketplaces.

  • Microsoft Azure

    ThreatConnect is available on the Microsoft Azure Marketplace, enabling customers to operationalize cyber threat intelligence within their Azure environment. The platform integrates with various Microsoft security services, including Microsoft Graph Security, Microsoft Defender for Endpoint, and Microsoft Sentinel. These integrations allow for the exchange of threat indicators, facilitating automated alerting and blocking actions. Users can send indicators in bulk from ThreatConnect to products like Azure Sentinel and Microsoft Defender ATP for enhanced threat detection and response.

  • Amazon Web Services (AWS)

    ThreatConnect provides several applications for integration with Amazon Web Services. It integrates with Amazon GuardDuty to monitor for malicious activity and unauthorized behavior in AWS accounts by using threat intelligence to inform detection. This allows for the automatic deployment of IP and CIDR indicators for blocking. Additionally, ThreatConnect integrates with Amazon Elastic Compute Cloud (EC2), enabling users to perform incident response actions on EC2 infrastructure directly from the ThreatConnect platform, such as listing instances and managing tags.

  • Google Cloud

    ThreatConnect integrates with Google Security Operations. This allows users to enrich security data, including IP addresses, hosts, URLs, and hashes, with threat intelligence from the ThreatConnect platform. While not listed as a standalone application on the Google Cloud Marketplace, ThreatConnect appears as an available integration within Google Security Operations and other connected security services.

Key People

  • Chief Executive Officer: Balaji Yelamanchili.
  • President of Global Field Operations: Chris Lehman.
  • Chief Financial Officer: Daniel Moser.
  • EVP, Product: Andrew Pendergast.
  • General Manager, Cyber Risk Quantification Products: Gerald Caponera.
  • EVP of Engineering and Chief Architect: Jason Spies.
  • VP of Global Demand Generation: Arpine Babloyan.
  • Chairman of the Board: Dave DeWalt.

Key Facts

  • Headquarters Location: Arlington, Virginia, United States.
  • Number of Employees: 100-250.
  • Annual Revenue: $35M.
  • Parent Company: None.
  • Subsidiary Companies: Polarity, Nehemiah Security.
  • Publicly Listed: No.

Analyst Recognition

ThreatConnect has been recognized by industry analyst firms Forrester and Gartner for its capabilities in the cybersecurity market.

  • Forrester has named ThreatConnect a “Leader” in The Forrester Wave™: Cyber Risk Quantification (CRQ), Q3 2023 report. In this report, ThreatConnect received the highest ranking in the “Current Offering” category. Forrester noted that “ThreatConnect sets the standard for a threat-driven approach to CRQ.”
  • Gartner has included ThreatConnect as a “Representative Vendor” in its 2023 Market Guide for Security Threat Intelligence Products and Services.

Based on the available information, there are no specific recognitions for ThreatConnect from IDC or Everest Group.
