Brief Overview

TruSTAR is an intelligence platform that helps organizations leverage multiple sources of threat intelligence and fuse them with historical event data to prioritize and enrich investigations. TruSTAR uses machine learning and automation to operationalize data throughout an analyst’s workflow, freeing up time for higher-priority events. The most valuable security data is often locked inside silos; TruSTAR breaks down these silos with its Enclave knowledge management architecture. Enclaves give complex teams customization, integration, and granular access controls that enable collaboration. TruSTAR is the technology infrastructure that powers many of the U.S.’s largest ISACs and ISAOs, and it has enterprise customers across Finance, Retail, Healthcare, Aerospace, and IT.


San Francisco, California


Paul Kurtz, Founder and CEO of TruSTAR, was previously with the National Security Council of the White House.


Co-founded in 2014 by Paul Kurtz, Dave Cullinane, and Patrick Coughlin, TruSTAR is privately held and headquartered in San Francisco. In 2017 TruSTAR announced its $5M Series A funding with Storm Ventures as the lead investor. They host dozens of Fortune 500 companies, ISACs, and ISAOs on their platform.

Key Competitors

ThreatConnect, ThreatQuotient, Anomali, EclecticIQ

Products and Services

TruSTAR’s intelligence platform allows users to analyze and enrich investigations with trusted, relevant intelligence sources, including information shared by partners and peers, while maintaining protective access controls. Using TruSTAR’s Enclave architecture, analysts can quickly ingest external intelligence sources, including email listservs, to enrich their cases. Enclaves show which intelligence sources are the most valuable to an organization’s cyber investigations, and they allow duties to be segmented among internal teams while surfacing relevant correlations across the entire data ecosystem. TruSTAR integrates with leading SIEM, case management, and orchestration tools to help security teams operationalize data and quickly act upon these findings. Members from different organizations can use common Enclaves to import, extract, redact, and exchange threat intelligence data in one safe environment and platform.