ThreatMatcher

Background

Connect2Trust receives threat information from a variety of partners, originating from open and closed sources. Bringing together the supply of threat information and the demand from Connect2Trust member organizations is not easy. Not all available information is relevant, and too much information is impossible to process or costs too much time and effort.

Action perspective requires the right information, at the right time, to the right organizations. If these conditions are not met, then the action perspective offered will not lead to an actual action. At the same time, the non-profit Connect2Trust foundation is uniquely positioned to independently connect organizations that offer and request information.

In the ThreatMatcher project, the functionality was developed to make the process of information sharing faster, controllable, automated, secure and scalable so that information reaches the right organizations on time and as needed. Developing such functionality within Connect2Trust, which has enjoyed the trust of its growing number of participants since 2015, represents the innovative nature of this project. Several releases of the ThreatMatcher Intelligence Platform have since been delivered, after the SIDN Foundation made the basic facility possible.

Bringing together the supply and demand of threat information is a sensitive process and requires a high degree of mutual trust to share. The collaboration between DIVD and NBIP within the Dutch Security Reporting Point makes it possible to open up the ThreatMatcher Intelligence Platform to a larger group of organisations in the Netherlands. Funding from the SIDN Fondation also provides for continued innovation to expand both the security and functionality of the platform.