The issue of “alert fatigue” is widely discussed in cyberdefense, and considered highly challenging to fix. Infamously, the preponderance of alerts produced by today’s IT systems and security tools has become overwhelming to most security teams and managed service providers.
But less talked about is another type of data overload that’s also causing problems for cybersecurity pros: the significant number of cyber threat intelligence feeds that are necessary to stay current on attacker techniques and trends.
However, according to cybersecurity luminary Dave DeWalt, there’s an answer to this problem that’s more straightforward. In March, DeWalt became chairman of the board at ThreatConnect, a vendor that he said is unique in its ability to pull together cyber threat intelligence feeds and then prioritize threats for customers based on their particular risks.
The ThreatConnect platform “can really aggregate cyber intelligence to make it more efficient, and more accurate, and easier to respond to — then unite it to all the other domains and physical supply chains,” said DeWalt, who was formerly CEO of prominent cybersecurity vendors including FireEye and McAfee.
The result, he told CRN, is that “you have one powerful platform for every enterprise to use.”
“That’s why we’re here with ThreatConnect, to help them on the journey,” said DeWalt, who is now founder, managing director and CEO of cybersecurity-focused venture firm NightDragon. “But at the same time, from my mission point-of-view of running companies and having to deal with threats like this — boy, do we need it. Society has to have something [like ThreatConnect].”
In tandem with bringing aboard DeWalt as chairman, ThreatConnect is also looking to significantly expand its work with solution and service provider partners, according to ThreatConnect CEO Balaji Yelamanchili.
Arlington, Va.-based ThreatConnect, which has nearly 200 large enterprises as customers, is especially looking to NightDragon’s NightScale platform and its network of partners to accelerate its growth with the help of the channel, Yelamanchili said.
“They are a tremendous network of distributors, resellers, systems integrators and managed service providers,” he said. “Our ability to connect into that network and provide these things as-a-service, at the frontlines, is really what’s going to turbocharge us.”
Yelamanchili, an industry veteran who was formerly a top executive at companies including Symantec, Oracle and EMC, joined ThreatConnect as CEO about a year ago.
Simplifying Threat Intelligence
Utilizing analytics, machine learning and other automation technologies, ThreatConnect promises significantly improved efficacy for customers’ security — offering the ability to catch more of the real threats that could hobble an organization if not spotted and responded to, according to Yelamanchili.
That’s a massive advantage for the CISOs and CIOs who are “getting pummeled on a daily basis with vulnerabilities and threat feeds,” DeWalt said. In those roles, “you’ve got to make sense out of that and create accuracy,” which ThreatConnect can help deliver, he said.
ThreatConnect also has integrations with more than 150 tools used by security operations teams, Yelamanchili said. By providing its “precision data” to those tools, “they can, in fact, detect and protect much faster,” he said.
DigitalEra Group, a provider of solutions and services in security and networking, has been a ThreatConnect partner for several years, and has appreciated the way the platform makes it easier to leverage threat intelligence, according to Patrick Dyer, co-founder and CEO of the Miami-based company.
ThreatConnect is the “glue” that connects various threat intelligence feeds, Dyer said.
“The ThreatConnect model makes it simple for us,” he said. “We don’t have to be talking with 20 different threat intelligence feeds and figuring out how to integrate that, when they can provide it in one easy package that we can digest from a subscription basis.”
The platform also excels at providing threat intelligence data that’s relevant to each customer’s specific industry vertical, Dyer said.
Overall, “I think what they’re doing is spot on,” he said.
ThreatConnect also goes further by helping to prioritize threats based on risk quantification, executives told CRN.
The ThreatConnect platform does that by enabling organizations to understand what the actual risk is, in terms of likely financial impacts, from certain threats that have been identified, Yelamanchili said.
The company maintains a large database of information about losses from past breaches, by industry vertical, and maps that onto customers’ current security controls, he said. In doing so, ThreatConnect can tell its customers that “based on your current posture, and based on what we have seen in your industry in the past, we think this is where your risk exposure is,” Yelamanchili said.
That is a rare but crucial capability to have in today’s threat and regulatory environments, DeWalt said.
In 2023, “you’ve got to really understand your risk in cyber, you’ve got to explain that risk to your shareholders, and you’re held accountable around those risk factors,” he said.
“Not only do we have a threat to deal with, and the ramifications of risks related to that, we now have regulatory compliance to adhere to, and the risk related to that. This is all coming together,” DeWalt said. “If you don’t think about cyber together with risk, you’re missing where all this is heading.”
Ultimately, “we need to put in a platform that can help security teams understand how to report, and act accurately, and with high priority,” he said. “It’s the No. 1 thing we’re all facing in this industry.”