LLMpedia: The first transparent, open encyclopedia generated by LLMs

ThreatConnect

Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.

Name: ThreatConnect
Type: Private
Industry: Cybersecurity
Founded: 2011
Founders: Jason Schultz, Adam Vincent, Chad Kinsey
Headquarters: Arlington, Virginia, United States
Key people: Jason Schultz, Adam Vincent, Chad Kinsey
Products: Threat intelligence platform (TIP), SOAR

ThreatConnect is a cybersecurity company providing a threat intelligence platform (TIP) with security orchestration, automation and response (SOAR) capabilities, used by government agencies, corporations, and managed security providers. The platform aggregates indicators, context, and analytics to support incident response, threat hunting, and strategic risk decisions. Customers include organizations in critical infrastructure, finance, healthcare, and defense that want to operationalize threat intelligence and automate analyst workflows.

Overview

ThreatConnect was established to combine threat intelligence management, security orchestration, and analytics in one enterprise platform. It competes in the threat intelligence platform market with vendors such as Recorded Future and Anomali, and overlaps with the intelligence and SOAR offerings of FireEye, CrowdStrike, and Splunk. Its integrations and competitive positioning also touch the broader ecosystems of Palo Alto Networks, Cisco, Microsoft, IBM, and Amazon Web Services. Analysts at Gartner, Forrester Research, and IDC have compared the company with its peers in reports on TIP and SOAR capabilities. Technology partnerships include integrations with McAfee, Trend Micro, Sophos, and VMware.

History and Development

ThreatConnect was founded in 2011 by former practitioners with backgrounds in intelligence and security operations. Its early funding and growth took place alongside contemporaneous developments at Mandiant, RSA Security, Symantec, Kaspersky Lab, and Bitdefender. The product set expanded through iterative releases shaped by incident response work at organizations such as the Department of Homeland Security, the National Security Agency, the Federal Bureau of Investigation, Deloitte, and PricewaterhouseCoopers. Over time the platform incorporated automation mechanisms informed by research from MITRE, Carnegie Mellon University, the SANS Institute, Stanford University, and the University of Maryland. Leadership changes and strategic hires drew on talent from Lockheed Martin, Northrop Grumman, and Booz Allen Hamilton. The company's trajectory ran parallel to consolidation in the sector, including acquisitions by Broadcom, Okta, and others that reshaped the vendor landscape.

Platform and Features

The ThreatConnect platform integrates threat intelligence management, case management, orchestration, and analytics. Capabilities include indicator management, playbook-driven automation, alert enrichment, and reporting for security operations centers such as those at Bank of America, JPMorgan Chase, Walmart, Pfizer, and ExxonMobil. Analyst workflows resemble those of Splunk Phantom (now Splunk SOAR), ServiceNow, Siemplify, Swimlane, and SentinelOne. Visualization and analytics build on the MITRE ATT&CK knowledge base, the STIX data model (exchanged over TAXII), the VERIS incident taxonomy, and the NIST Cybersecurity Framework. Dashboards and connectors ingest alerts and telemetry from endpoint and network products by Fortinet, Check Point, Juniper Networks, Aruba Networks, and F5 Networks.

Threat Intelligence and Data Sources

Threat intelligence ingestion sources include open-source feeds, commercial providers, and community-contributed intelligence. Open-source and community integrations include VirusTotal, AlienVault OTX, AbuseIPDB, Team Cymru, PhishTank, Shadowserver, and Spamhaus. Commercial and government feeds that customers commonly correlate include Recorded Future, FireEye, CrowdStrike Intelligence, Kaspersky Threat Intelligence Services, McAfee Labs, and the CERT Coordination Center. Contextual enrichment comes from malware analysis platforms such as VirusTotal Intelligence, Cuckoo Sandbox, and Hybrid Analysis, and from vendor research teams such as Trend Micro Research and ESET Research. The platform supports standards-based exchange using the OASIS STIX and TAXII standards, OpenIOC, and MAEC, and interoperates with community sharing platforms such as MISP. STIX indicators carry a validity window and a confidence value, which an ingesting platform uses to age out stale intelligence and to weight matches rather than treating every indicator as equally actionable.
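As an added example that is not ThreatConnect code, the following Python shows the workflow described in the Platform and Features and Threat Intelligence sections end to end: STIX 2.1 indicator patterns are parsed into flat typed indicators, indicators whose validity window has passed are aged out, and constructed SIEM-style alerts are enriched with the matching indicators and routed to a block/investigate decision. The bundle, the alerts, the reference time and the confidence thresholds are all constructed for illustration, and only the Python standard library is used.

```python
"""Added example (not ThreatConnect code): ingest STIX 2.1 indicators and use
them to enrich alerts. The bundle, alerts, reference time and action
thresholds are constructed for illustration; standard library only."""
import json
import re
from datetime import datetime, timezone

# Constructed "current time" so expiry handling is reproducible.
REFERENCE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _indicator(suffix, pattern, valid_from, valid_until=None, confidence=50):
    """Build a minimal STIX 2.1 indicator object for the constructed bundle."""
    obj = {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{suffix}",
           "created": valid_from, "modified": valid_from, "pattern_type": "stix",
           "pattern": pattern, "valid_from": valid_from, "confidence": confidence}
    if valid_until:
        obj["valid_until"] = valid_until
    return obj


# Constructed bundle: a live C2 address, an expired domain, a compound file
# pattern, and a non-indicator object that ingestion must skip.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--0f3a9c1e-6b52-4d3e-9a6c-2f1b8d7e4c01",
    "objects": [
        _indicator("0f3a9c1e-0000-4000-8000-000000000001",
                   "[ipv4-addr:value = '203.0.113.10']",
                   "2024-01-10T00:00:00.000Z", confidence=85),
        _indicator("0f3a9c1e-0000-4000-8000-000000000002",
                   "[domain-name:value = 'stale.example.net']",
                   "2023-01-01T00:00:00.000Z",
                   valid_until="2023-06-01T00:00:00.000Z", confidence=60),
        _indicator("0f3a9c1e-0000-4000-8000-000000000003",
                   "[file:hashes.'SHA-256' = '" + "e3" * 32 + "' OR file:name = 'dropper.exe']",
                   "2024-02-01T00:00:00.000Z", confidence=70),
        {"type": "malware", "spec_version": "2.1", "name": "Dropper", "is_family": False,
         "id": "malware--0f3a9c1e-0000-4000-8000-000000000009"},
    ],
})

# One comparison expression inside a STIX pattern: object:property = 'value'.
_COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")

# STIX object paths mapped to the flat indicator types a TIP stores.
_TYPE_MAP = {("ipv4-addr", "value"): "ipv4", ("domain-name", "value"): "domain",
             ("url", "value"): "url", ("email-addr", "value"): "email",
             ("file", "name"): "filename", ("file", "hashes.'SHA-256'"): "sha256"}


def parse_bundle(text, now):
    """Return (active, expired) lists of {"type","value","confidence","source"}.
    Indicators whose valid_until has passed are returned separately so the
    caller ages them out instead of matching on stale intelligence."""
    active, expired = [], []
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        until = obj.get("valid_until")
        is_expired = until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now
        bucket = expired if is_expired else active
        for otype, prop, value in _COMPARISON.findall(obj["pattern"]):
            kind = _TYPE_MAP.get((otype, prop))
            if kind is None:
                continue  # unsupported observable type: leave for manual review
            bucket.append({"type": kind, "value": value.lower(),
                           "confidence": obj.get("confidence", 0), "source": obj["id"]})
    return active, expired


# Constructed alert records, as a SIEM would hand them to a playbook.
SAMPLE_ALERTS = [
    {"id": "A-1", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.10"},
    {"id": "A-2", "host": "ws12", "sha256": "E3" * 32, "file_name": "report.pdf"},
    {"id": "A-3", "host": "ws07", "dns_query": "stale.example.net"},
]

# Alert fields and the indicator type each one holds.
_FIELD_TYPES = {"src_ip": "ipv4", "dst_ip": "ipv4", "sha256": "sha256",
                "file_name": "filename", "dns_query": "domain"}


def enrich(alert, active):
    """Attach matching active indicators and derive a playbook action.
    Thresholds are this example's own: block at confidence >= 80, otherwise
    investigate; with no match the alert passes through unchanged."""
    index = {(i["type"], i["value"]): i for i in active}
    matches = []
    for field, kind in _FIELD_TYPES.items():
        hit = index.get((kind, str(alert.get(field, "")).lower()))
        if hit:
            matches.append(hit)
    top = max((m["confidence"] for m in matches), default=None)
    action = "none" if top is None else ("block" if top >= 80 else "investigate")
    return {**alert, "matches": matches, "action": action}


def run(now=REFERENCE_NOW):
    """Ingest the constructed bundle and enrich every constructed alert."""
    active, expired = parse_bundle(SAMPLE_BUNDLE, now)
    return [enrich(a, active) for a in SAMPLE_ALERTS], expired
```

Running `run()` yields a block decision for A-1 (the 85-confidence C2 address), an investigate decision for A-2 (the 70-confidence hash, matched case-insensitively), and no action for A-3, because the domain indicator's `valid_until` is earlier than the reference time and was aged out rather than matched. The compound `OR` pattern is split into two stored indicators, which is what a TIP does when it flattens STIX patterns into searchable observables.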

Integrations and APIs

ThreatConnect provides APIs, SDKs, and connector libraries for integrating with SIEMs, EDR, ticketing, and cloud platforms. Common SIEM integrations include Splunk Enterprise Security, the Elastic Stack, Microsoft Azure Sentinel (now Microsoft Sentinel), IBM QRadar, LogRhythm, and ArcSight. Endpoint and EDR connectors include Carbon Black, CrowdStrike Falcon, Microsoft Defender for Endpoint, Symantec Endpoint Protection, and Sophos Intercept X. Cloud and identity integrations cover Amazon Web Services, Microsoft Azure, Google Cloud Platform, Okta, and Ping Identity. Automation interfaces follow orchestration patterns familiar from Ansible, Puppet, Chef, and SaltStack and from container tooling such as Docker and Kubernetes, applied to security events and indicators rather than to host configuration. The RESTful API and Python SDK let customers build custom connectors, much as Rapid7 and Tenable expose their platforms to integrators.
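As an added example, not the vendor's SDK or API documentation, the following Python shows how a custom connector authenticates to an HMAC-signed REST API of the kind a TIP exposes, and goes beyond the text by also implementing the server-side verification so the security properties are visible: the signature binds method, path and query, the timestamp bounds replay, and the comparison is constant-time. The header layout (an `Authorization: TC <access_id>:<base64 HMAC-SHA256>` header, a `Timestamp` header in epoch seconds, and a signed string of the form `path?query:METHOD:timestamp`) is my assumption of how such a scheme is laid out and must be checked against the vendor's current API documentation before use; the API path, credentials and replay window are constructed.

```python
"""Added example, not ThreatConnect's SDK: sign a REST request the way
access-ID/secret-key HMAC APIs expect, and verify it server-side. Header
layout, API path and credentials are constructed assumptions; check them
against the vendor's current API documentation before relying on them."""
import base64
import hashlib
import hmac
import time
from urllib.parse import urlencode

ACCESS_ID = "example-access-id"     # constructed credential
SECRET_KEY = b"example-secret-key"  # constructed credential
MAX_SKEW_SECONDS = 300              # assumed replay window the verifier enforces


def sign_request(method, path, query=None, timestamp=None,
                 access_id=ACCESS_ID, secret=SECRET_KEY):
    """Return (headers, full_path) for a signed request.

    Assumed scheme: signature = base64(HMAC-SHA256(secret, "path?query:METHOD:ts")),
    sent as "Authorization: TC <access_id>:<signature>" plus a "Timestamp" header.
    Binding the exact path and query means a captured signature cannot be
    replayed against a different resource or with a different verb."""
    ts = str(int(time.time() if timestamp is None else timestamp))
    full_path = path + ("?" + urlencode(query) if query else "")
    digest = hmac.new(secret, f"{full_path}:{method.upper()}:{ts}".encode(),
                      hashlib.sha256).digest()
    headers = {"Authorization": f"TC {access_id}:{base64.b64encode(digest).decode()}",
               "Timestamp": ts}
    return headers, full_path


def verify_request(method, full_path, headers, now, secrets):
    """Server-side check of a signed request; returns (ok, reason).

    `secrets` maps access IDs to their keys. The timestamp is checked before
    the signature so stale replays are rejected cheaply, and the signature
    comparison uses hmac.compare_digest to avoid a timing side channel."""
    try:
        scheme, credential = headers["Authorization"].split(" ", 1)
        access_id, presented = credential.split(":", 1)
        ts = int(headers["Timestamp"])
    except (KeyError, ValueError):
        return False, "malformed"
    if scheme != "TC" or access_id not in secrets:
        return False, "unknown-credential"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale-timestamp"
    expected = hmac.new(secrets[access_id],
                        f"{full_path}:{method.upper()}:{ts}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(base64.b64encode(expected).decode(), presented):
        return False, "bad-signature"
    return True, "ok"


def demo(now=1_700_000_000):
    """Sign one constructed indicator query and show what the verifier
    accepts and rejects. The endpoint path is illustrative only."""
    secrets = {ACCESS_ID: SECRET_KEY}
    headers, full_path = sign_request("GET", "/api/v3/indicators",
                                      {"resultLimit": 10}, timestamp=now)
    return {
        "valid": verify_request("GET", full_path, headers, now, secrets),
        "other_path": verify_request("GET", "/api/v3/groups?resultLimit=10",
                                     headers, now, secrets),
        "other_method": verify_request("DELETE", full_path, headers, now, secrets),
        "replayed_later": verify_request("GET", full_path, headers, now + 3600, secrets),
        "no_headers": verify_request("GET", full_path, {}, now, secrets),
    }
```

`demo()` accepts the request as signed and rejects the same headers presented against another path, with another HTTP method, an hour later, or with the headers stripped, which is the set of properties a connector author should confirm the real API enforces. In a production connector the secret should come from a secrets manager rather than a constant, and the client clock must be kept in sync or every request fails with a skew error.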

Use Cases and Deployment

Enterprises and public-sector organizations deploy the platform for incident response, threat hunting, vulnerability prioritization, and intelligence sharing. Deployments are described in environments run by NATO, the European Union Agency for Cybersecurity, the US Department of Defense, the Centers for Disease Control and Prevention, and major financial institutions. Use cases include automated blocking of indicators through firewall and proxy integrations with Palo Alto Networks, Cisco ASA, Fortinet FortiGate, and Blue Coat, and enrichment of SIEM alerts from Splunk or QRadar to reduce mean time to detect and respond. In practice, automated blocking is gated on indicator confidence and often on an analyst approval step, because a false-positive indicator pushed to an enforcement point causes an outage rather than a missed alert. Managed security service providers such as Secureworks, Trustwave, and AT&T Cybersecurity incorporate the platform into threat monitoring and reporting services.

Security, Privacy, and Compliance

The platform addresses regulatory and compliance needs in sectors governed by HIPAA, PCI DSS, FISMA, GDPR, and SOX. Security controls and audit features assist customers subject to ISO/IEC 27001, NIST Special Publication 800-53, and CISA guidance. Data handling practices reflect requirements for cross-border transfers overseen by the European Commission and national data protection authorities. The company publishes advisories and guidance aligned with community disclosure practices such as those of the CERT Coordination Center, and coordinates with incident response bodies including FIRST and national CERT teams.

Category:Cybersecurity companies