2020-12-31T16:06:00Z

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?


I'm looking for a threat intelligence tool that can aggregate multiple threat intelligence sources. Is this type of tool available? If so, how much do these services cost?

ITCS user
Guest

User

There are several tools available - we use AlienVault from AT&T.

It provides a full view from the Desktop to the Network Firewall to the Cloud and Application threats across multiple locations via WAN as well as multiple servers within your LAN.

2021-08-04T16:48:55Z
User

You can look at Anomali, which is a Threat Intel Platform (TIP).

2021-08-04T13:12:41Z
Joe Tinaglia
Vendor

@Sudhir Babu
Things every company needs to ask themselves: How many endpoints do you currently have connected to your network?

  • Do you know the exact number or estimate (e.g. I think we have 10k endpoints)?

  • Do you know where they are connected?

  • Can you verify they were compliant an hour ago? A day ago? A week ago? If you can't see your endpoint you can't secure it, manage it, or likely even financially account for it.

Evgeny Belenky
Community Manager

@Joe Tinaglia please avoid posting any marketing/sales content. This sort of content isn't allowed according to IT Central Station Guidelines (see section "Help Others").
The discussions should be relevant to the topic and professional only.

Thanks for respecting our policy.

Top 5 Leaderboard Consultant

There are two approaches to answer your needs. You can either select:

1. SIEM / SOC Platform that could ingest more than 1 TI feed service

2. Threat Intelligence Platform

If you are looking to simply integrate the TI sources into one single centralized system, for instance a SIEM, you would choose option 1 because it will be investment effective.

LogRhythm, QRadar, Stellar Cyber, Splunk and AlienVault are amongst the tools to go for.

If you are looking to integrate with more than 1 target system inside your organization, go for a centralized Threat Intelligence Platform. The best one in the market is no doubt the Anomali Threat Intelligence Platform, while ThreatQuotient and EclecticIQ still have to catch up a lot. The benefit of using the Anomali Threat Intelligence Platform, for example, is that you can actually manage multiple integrations to target systems such as: SIEM, SOC Platform, NGFW, IPS, and others. This platform will provide you with great simplicity for an organization which is reasonably large with multiple cybersecurity solutions.

Be wary, a Threat Intelligence Platform is not investment friendly, as its cost could be unjustified if you can't consider all the benefits it provides. With a TIP, you are expected to manage Threat Intelligence actively inside your organization, selecting and making the most out of all the TI feed services out there (community, freemium and premium services). You would need a team of dedicated CTI Analysts to benefit from the use of a Threat Intelligence Platform - otherwise it will be a waste of time and investment.

At the end of the day, you could also opt for an open source STIX / TAXII client as a more cost-effective alternative solution, depending on your requirement complexity and budget.

2021-06-02T14:15:26Z
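Added example, not code from the thread or from any vendor named in it: a minimal aggregator in the spirit of the open source STIX / TAXII client option above. It merges two constructed STIX 2.1 bundles (assumed to have already been pulled from TAXII collections; the feed names, addresses and hashes are made up), deduplicates the same indicator across feeds, drops expired indicators, keeps the highest confidence with source attribution, and exports simple observables as rows a SIEM or NGFW could consume.

```python
import re
from datetime import datetime, timezone

# Simplest STIX pattern form, e.g. [ipv4-addr:value = '...'] (single comparison).
SIMPLE = re.compile(r"^\[\s*([\w-]+:[\w.]+)\s*=\s*'([^']*)'\s*\]$")

# Constructed sample bundles standing in for two TAXII collections (not real data).
FEEDS = {
    "feed-a": {"type": "bundle", "objects": [
        {"type": "indicator", "pattern_type": "stix", "confidence": 60,
         "pattern": "[ipv4-addr:value = '198.51.100.7']", "valid_from": "2021-05-01T00:00:00Z"},
        {"type": "indicator", "pattern_type": "stix", "confidence": 80,
         "pattern": "[domain-name:value = 'bad.example']", "valid_from": "2021-05-02T00:00:00Z",
         "valid_until": "2021-05-10T00:00:00Z"},  # expired by June 2021
    ]},
    "feed-b": {"type": "bundle", "objects": [
        {"type": "malware", "name": "sample"},  # non-indicator objects are skipped
        {"type": "indicator", "pattern_type": "stix", "confidence": 85,  # same IoC as feed-a
         "pattern": "[ipv4-addr:value='198.51.100.7']", "valid_from": "2021-04-20T00:00:00Z"},
        {"type": "indicator", "pattern_type": "stix", "confidence": 70,  # complex pattern
         "pattern": "[file:hashes.'SHA-256' = '0123abcd']", "valid_from": "2021-05-03T00:00:00Z"},
    ]},
}

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def aggregate(feeds, now):
    """Return {normalized pattern: record}, dropping expired and non-indicator objects."""
    merged = {}
    for source, bundle in feeds.items():
        for obj in bundle.get("objects", []):
            if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
                continue
            until = obj.get("valid_until")
            if until and parse_ts(until) <= now:
                continue  # expired: do not push stale IoCs to downstream systems
            pattern = re.sub(r"\s*=\s*", " = ", obj["pattern"].strip())  # canonical spacing
            rec = merged.setdefault(pattern, {"sources": [], "confidence": 0, "observable": None})
            rec["sources"].append(source)
            rec["confidence"] = max(rec["confidence"], obj.get("confidence", 0))
            match = SIMPLE.match(pattern)
            rec["observable"] = (match.group(1), match.group(2)) if match else None
    return merged

def export_rows(merged, min_confidence=70):
    """Rows for a SIEM/NGFW blocklist: simple observables at or above the threshold."""
    return [(*rec["observable"], rec["confidence"], ",".join(rec["sources"]))
            for rec in merged.values()
            if rec["observable"] and rec["confidence"] >= min_confidence]
```

Complex patterns (the file-hash one here) stay in the merged view with `observable` set to `None`, so they are never silently flattened into a wrong blocklist entry.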
Top 5 User

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI, available as templates or customized by each customer. The cost of the tool is based on the amount of data to be imported (Microsoft 365 and Azure are free) and on the time of data retention. Example: Azure Sentinel Pricing | Microsoft Azure

2021-01-01T21:53:15Z
Top 10 Real User

Hi, I have left the job, so I don't know the exact count, but yes, SlashNext is providing a very good service regarding threat intelligence.

2021-08-06T22:33:09Z
Reseller

Yes.

"Advanced persistent threats (APT) penetrate networks and stay hidden through any number of targeted and difficult-to-detect means including spear phishing, credential theft or web app vulnerabilities.

Once inside, they use native operating system functions, credential dumping and human error to opportunistically seek higher-value targets and data. These types of attacks can be extremely damaging, difficult to remediate and much longer-lived – often 200+ days of dwell time. EDR telemetry becomes too limited in scope and volume to help, usually maxing out at 30 days.

Organizations can cost-effectively store one year of rich endpoint telemetry with deep integration between Tanium and Chronicle. Incident response teams and analysts will have drastically improved ability to hunt, investigate and fully scope advanced threats with sub-second search latency across endpoint and other data sources such as DNS, proxy and firewall logs."

Check this out: https://www.tanium.com/resources/data-drive-threat-hunting-tanium-chronicle

2021-08-04T15:16:02Z
Evgeny Belenky
Community Manager

@Patrick Flanders, thanks for your reply. Are you aware of pricing levels for this solution?

Patrick Flanders
Reseller

@Evgeny Belenky Yes -
Chronicle Benefits:

○ Pricing: One year of stored endpoint telemetry at a per endpoint price (Fixed Cost) - MSP pricing includes Tanium Client Agent for Modules of Threat Response, Compliance, and Remediation. There are CORE modules that allow us to deploy the agent and generate discovery and asset reports with Zero Infrastructure and VPN requirements to bring 300 endpoints to 5 million under complete visibility and management within hours depending on the size of the customer.
○ Infinite Elasticity: with a backend built on core Google infrastructure
○ Instant Search: across a full year of security telemetry to uncover latent threats
○ Cloud-native: solution built to auto-scale and eliminate data management overhead
○ Intelligent Data Fusion
○ Modern Threat Detection
○ Continuous IoC Matching
○ Hunt at Google Speed
○ Self-Managed (per scope of work)
○ Disruptive Economics

Vendor

  • What are you specifically trying to accomplish?

  • What is the compelling reason to look for this capability?

  • Are you funded?

  • What have you currently looked at?

2021-08-04T14:19:12Z
User

IntSights, Recorded Future, Cybersixgill, and so on.

2021-08-03T14:00:56Z
Top 20 Real User

Maybe Greymatter from Reliaquest could help?

2021-08-03T09:35:15Z
Top 10 Real User

Azure Sentinel SIEM and I think Arcsight SIEM too.

2021-01-04T05:00:40Z
Find out what your peers are saying about CrowdStrike, ReversingLabs, Group-IB and others in Threat Intelligence Platforms. Updated: November 2021.