Threat intelligence platforms have become a critical security tool as the volume and complexity of threat vectors grow exponentially. We review the top vendors in this critical area.
Threat intelligence is a critical security tool that uses global security intelligence to detect malicious activity inside your network.
These solutions can take a number of different forms. Threat intelligence feeds take security data from vendors, analysts and other sources about threats and unusual activity happening all around the world. Malicious IP addresses, domains, file hashes and other data stream in constantly from external parties. This can help companies understand behaviors that might be affecting their own networks.
Threat intelligence platforms (TIPs) take this a step further. They incorporate one or many data feeds and subject the data to detailed analysis. Advanced analytics are used to isolate unusual patterns in systems and mine other valuable data.
At a minimum, a threat intelligence platform should have actionable indicators that can be used to identify potential threats to an organization (such as known bad IP addresses and URLs, and malware hashes), and support collaboration and investigation workflow for the security analyst and broader community.
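As an added illustration of that minimum capability (example code, not from the article or any vendor listed below), the following Python sketch ingests a constructed indicator feed of IPs, domains and hashes, de-duplicates and normalises it, drops allowlisted values so they do not become false positives, and matches the result against constructed log lines; every feed entry, log line and allowlist value is an assumption made up for the example.

```python
"""Indicator-matching pass of the kind a TIP performs over incoming feeds."""
import re
from collections import defaultdict

# Constructed sample feed (hypothetical indicators, not real IoCs). The repeated
# and differently cased entries are deliberate, to exercise de-duplication.
FEED = [
    ("ip", "203.0.113.45", "feed-a"),
    ("ip", "203.0.113.45", "feed-b"),
    ("domain", "Bad-Example.test", "feed-a"),
    ("domain", "bad-example.test", "feed-c"),
    ("sha256", "0123456789ABCDEF" * 4, "feed-b"),
    ("ip", "8.8.8.8", "feed-c"),  # benign resolver that leaks into a feed
]
# Known-good values removed before matching so they never raise an alert.
ALLOWLIST = {"8.8.8.8"}

# Constructed log lines (assumed format) to match the feed against.
LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.7 dst=203.0.113.45 host=bad-example.test action=allow",
    "2024-05-01T10:00:05Z dns query=update.vendor.example client=10.0.0.9",
    "2024-05-01T10:00:09Z edr file=c:\\temp\\tool.exe sha256=" + "0123456789abcdef" * 4,
    "2024-05-01T10:00:12Z dns query=8.8.8.8 client=10.0.0.9",
]

def build_index(feed, allowlist):
    """Return {kind: {normalised_value: set(sources)}} with duplicates merged.
    The number of sources per indicator is the corroboration a TIP uses to rank it."""
    index = defaultdict(lambda: defaultdict(set))
    for kind, value, source in feed:
        norm = value.strip().lower()
        if norm in allowlist:
            continue
        index[kind][norm].add(source)
    return index

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)  # last label alphabetic
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)

def match_logs(lines, index):
    """Return (line_no, kind, indicator, sorted sources) for every feed hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, rx in (("ip", IP_RE), ("domain", DOMAIN_RE), ("sha256", HASH_RE)):
            for token in rx.findall(line):
                norm = token.lower()
                if norm in index.get(kind, {}):
                    hits.append((n, kind, norm, sorted(index[kind][norm])))
    return hits
```

Running `match_logs(LOGS, build_index(FEED, ALLOWLIST))` flags the proxy line twice (IP and domain, each corroborated by two feeds) and the EDR hash once, while the allowlisted resolver lookup produces no hit.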
Here are eight of the top threat intelligence platforms – some offer a free version for lower-volume users – and we also include a chart comparing the products’ features at the bottom of this page.
IBM X-Force Exchange
IBM X-Force Exchange is a collaborative threat intelligence platform that helps security analysts research threat indicators to help speed time to action – and is free up to 5,000 records a month. It boasts unlimited scalability and queries, and offers intelligence on IP and URL reputation, web applications, malware, vulnerabilities and spam.
See our in-depth look at IBM X-Force Exchange.
Anomali ThreatStream
Anomali ThreatStream aggregates millions of threat indicators to identify new attacks, discover existing breaches, and enable security teams to quickly understand and contain threats. Features include de-duplication of data, removal of false positives, integration with other security tools, and extraction of data from suspected phishing emails for immediate blocking. The company also offers a couple of free threat intelligence tools.
See our in-depth look at Anomali ThreatStream.
Palo Alto Networks AutoFocus
Palo Alto Networks' AutoFocus contextual threat intelligence service makes threat analytics, with full context, available to organizations of all sizes. This hosted security service arms security operations professionals with the intelligence, correlation, context and automated prevention workflows needed to identify and respond to events in real time.
See our in-depth look at Palo Alto Networks AutoFocus.
RSA NetWitness Suite
RSA NetWitness Suite is a threat detection and response platform that allows security teams to rapidly detect and understand the scope of a compromise by leveraging logs, packets, NetFlow, endpoints and threat intelligence. By aligning business context with security risks, it can analyze, prioritize and investigate threats. The threat intelligence product has no scalability limits.
See our in-depth look at RSA NetWitness Suite.
LogRhythm Threat Lifecycle Management (TLM) Platform
LogRhythm Threat Lifecycle Management (TLM) Platform delivers a coordinated collection of data analysis and incident response capabilities to enable organizations around the globe to rapidly detect, neutralize and recover from security incidents. It can process 26 billion messages a day.
See our in-depth look at LogRhythm Threat Lifecycle Management.
FireEye iSIGHT Threat Intelligence
FireEye iSIGHT Threat Intelligence adds context and priority to global threats before, during and after an attack. Data is gleaned from the adversarial underground, virtual network detection sensors and Mandiant IR investigations from the world’s largest breaches. FireEye has more than 1,000 experts responding to incidents and researching attacks.
See our in-depth look at FireEye iSIGHT Threat Intelligence.
LookingGlass Cyber Solutions
LookingGlass Cyber Solutions is an open source-based threat intelligence platform that delivers unified threat protection against sophisticated cyberattacks to global enterprises and government agencies by operationalizing threat intelligence. Augmenting it is a worldwide team of security analysts who enrich the data feeds.
See our in-depth look at LookingGlass Cyber Solutions.
AlienVault Unified Security Management (USM)
AlienVault Unified Security Management (USM) receives threat intelligence from AlienVault Labs and its massive Open Threat Exchange (OTX) crowd-sourced collaborative threat exchange. It provides centralized threat detection, incident response and compliance management for cloud and on-premises environments. It scales from very small to large companies.
See our in-depth look at AlienVault USM.