

Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect's intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.ThreatConnect.com.

Case Studies

Automating Analytical Processes

The Customer needed an automated process to ingest indicators from ISAC communities and then to provide the data to their SIEM integration, QRadar. Automated ingestion would provide the customer’s Incident Response (IR) team the ability to monitor for relevant and actionable intelligence within their network. Learn More...

Automating the Process of Blocking Malicious Indicators with Playbooks

The customer needed to decrease the time between the Threat Intel team identifying indicators affecting their industry and the Networking team implementing the appropriate block controls. Additionally, they wanted to make the process of requesting the block easier on the Threat Intel analysts. Learn More...

Creating an Efficient Reporting Workflow To and From the Security Operations Center

3 months after we launched, the customer was able to establish a streamlined communication process between the SOC and individual groups throughout the organization. This led to a decrease in the time it takes to notify the SOC of a potential incident or indicator of compromise, as well as an improvement in the quality and amount of historical data being housed for future queries. Learn More...

Establishing a Strong Partnership to Ensure Continued Success

This was the first time this organization was deploying a security operations platform and they needed a trusted partner to help them mature their program and their usage of ThreatConnect along with it. Learn More...

Upgrading from an Open Source Threat Intelligence Database

The customer needed a Threat Intelligence Platform to replace an open source database (CRITS) that had become overloaded and unusable. The replacement platform needed to make conducting analysis easy in order to identify and mitigate suspected threats in a highly-scripted and automated environment. Learn More...

Using Automation to Collaborate with Partners

The customer needed a way to collaborate with partners to streamline indicator enrichment and incident response, in order to better identify and mitigate suspected threats in a timely, efficient manner. Learn More...

Data Sheets

Intelligence, Automation, Analytics, and Workflows in a Single Platform

With ThreatConnect, you are able to centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness all in one place. Make your security operations and analysts more efficient, while providing real-time insights to security leaders to make better business decisions. Learn More...

ThreatConnect for Security Leadership

With ThreatConnect, you’re able to automate and control your security operations out of one Platform, providing multiple benefits for your organization. Learn More...

ThreatConnect for Case Management

The ThreatConnect® Platform provides a central location for security analysts and incident responders to record, analyze, and interact with all information related to the case at hand. ThreatConnect allows you to not only enrich cases with both internal and external threat intelligence but also gives you the ability to generate intelligence from those cases to be added back into the Platform. This leads to a more complete picture and a better understanding of your own internal threats. Creating a consistently running feedback loop ensures that you’re squeezing all the intelligence you can from all internal processes and applying it for smarter decision making. Learn More...

ThreatConnect Dashboards

Easily visualize data that shows the impact of your security efforts and gain a better understanding of the threats your organization faces. Automatically monitor your security operations and intelligence in a way that is actionable and meaningful for you and your team. View, edit, or create custom dashboards to track the metrics that will inform critical decision-making for your security operations. Learn More...

ThreatConnect’s CAL (Collective Analytics Layer)

ThreatConnect’s CAL™ (Collective Analytics Layer) provides a way to learn how many times potential threats were identified across all participating Platform instances. CAL anonymously leverages the thousands of analysts worldwide who use ThreatConnect. Learn More...

Aligning the Intelligence Cycle with ThreatConnect

The Intelligence Cycle is a six-step methodology adopted by various worldwide public and private organizations to create and circulate intelligence products in support of their mission objectives. The capabilities and features included with the ThreatConnect Platform enable and streamline the execution of this process. Here, each phase of the cycle is briefly defined, followed by the features and capabilities aligned to each phase. Learn More...

ThreatConnect for Incident Response

With ThreatConnect, you’re able to centralize your intelligence and automate your processes out of one Platform, driving multiple benefits for your incident response team. Learn More...

ThreatConnect for Threat Intel Analysts

With ThreatConnect, automate tasks and easily access data so you can get this information to other team members and tools for faster decision making. Learn More...

Training & Learning

Social Media


  • SC Media Review - 2019 (5/5)
  • SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards Program
  • Inc5000 America’s Fastest-Growing Private Companies 2018, 2019
  • Virginia Business and Best Companies Group name ThreatConnect as one of the Best Places to Work in Virginia, 2019
  • Washington Business Journal’s Top 75 Fastest Growing Private Companies in DC, 2018, 2019
  • Excellence Award finalist in the Customer Service category for the 2020 SC Awards.
  • CyberCrime Magazine’s Hot 150 Cybersecurity Companies To Watch In 2020



GSA Schedule 70

Dec 20, 2011- Dec 19, 2021


May 01, 2015- Apr 30, 2025


Mar 03, 2015- Aug 10, 2020
*Additional Option Years Available

State and Local

Maryland Master Contract (COTS)

Oct 01, 2012- Sep 30, 2027


Massachusetts Higher Education Consortium (MHEC)

Aug 10, 2019- Jun 30, 2022


Archived Events


Latest News

ThreatConnect, Inc.®, provider of the industry’s only intelligence-driven security operations platform, is proud to announce that it has been added to the Department of Homeland Security’s (DHS) ...



We’ve heard it before: the cyber threat landscape is changing so rapidly that it’s impossible for security teams to keep up. Every day, analysts make multiple decisions that have the potential to impact the entire organization: What should I do about this alert? Is this even dangerous? Will I be ...



The ThreatConnect Platform was specifically designed to help users understand adversaries, automate workflows, and mitigate threats faster using threat intelligence. When integrated with Flashpoint, users can seamlessly access finished intelligence and targeted data from illicit online communities. ...

ThreatConnect commissioned Forrester to conduct a Total Economic Impact (TEI) study, examining the potential Return on Investment (ROI) organizations might realize by implementing the ThreatConnect Platform. Watch this video as we provide a framework to evaluate the financial impact of the ThreatCon...

Adding new security tools to your SOC toolset may help alert you to the newest cyber threats to your business. However, when a zillion unprioritized alerts hit you in a day, you might start treating them like whack-a-mole or the snooze button on your alarm clock. How can you manage security alerts s...

Watch this webinar to hear Joe Reese, Product Manager at ThreatConnect and guest speaker Joseph (JB) Blankenship, Principal Analyst at Forrester discuss the effect security automation is having on infrastructure and security processes. They talk about how automation can reduce security “grunt work...


Organizations relentlessly battle adversaries to maintain adequate levels of Cyber Mission Assurance (CMA), while Threat Analysts remain consumed with researching and can only hypothesize who the next victim may be. This unfortunate state of affairs is a consequence of motivated enemies who seemingl...

In a previous Disrupting Adversary Infrastructure white paper, we discussed the roles and obligations of Internet Service Providers (ISPs) and governments to identify and eliminate cyberspace assets used for malicious purposes, with a particular focus on IP addresses and Autonomous System Numbers (A...

The threat intelligence landscape is an emerging one. Even in the most sophisticated security organizations, resource constraints often dictate that threat intelligence (TI) is the responsibility of a sole analyst sifting through incident alerts looking for patterns and trends which may indicate tha...

Understand how you can make smarter decisions to move faster — both blocking an adversary and disrupting them altogether — by using orchestration with intelligence