2020-07-14T17:34:00Z

Threat intelligence tools for a large organization

I'm an Information Security Consultant at a large enterprise Tech Services company. What are the best tools for threat intelligence?

ITCS user
Guest
55 Answers

Top 5 Leaderboard, Consultant

There are two categories of so-called Threat Intelligence "tools":

1. Threat Intelligence Platform
2. Threat Intelligence Feed Service (premium provider)


A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, or ThreatQuotient only provides you with a common sharing platform to aggregate TI feed services, typically from community / freemium sources; you will still have to purchase the premium ones, for example Group-IB Threat Intelligence.

On the contrary, a Threat Intelligence Feed Service only provides you with real, useful information: Indicators of Compromise, Analyst Reports, Requests for Information, support for CERT analysts, and detection of malware, phishing and other attacks related to your company. They do not come as a platform and they cannot integrate other open source or third-party TI feeds. The service is usually presented in a secured, accessible dashboard where you can monitor everything that is on the Darkweb and whether any particular threat actor is lurking to attack your organization.

When will you need a Threat Intelligence Platform?

1. If you need to integrate more than a single source of TI feeds
2. If you need to push that information down to multiple target systems such as SIEM, NGIPS, NGFW, Endpoint, etc.

If you don't need the above, you could reasonably opt for a premium TI feed service provider, because they provide more accurate information for your organization, tailored specifically to monitor all the threat actors against your organization. The feed service would then be integrated into the SIEM / SOC platform to correlate with all the cybersecurity events inside your organization.

2021-06-02T14:25:45Z
Top 20, User

TI feeds must include open source and commercial feeds... It may be better to get a platform rather than individual feeds. It's always better to have more feeds to validate each other.

2021-03-15T03:02:57Z
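The two answers above describe a platform aggregating several feeds and feeds validating each other. The following sketch shows that idea; it is an added example, not part of either answer and not code from any product named here. The feed contents, field names and function names are assumptions constructed for illustration.

```python
import csv, io, ipaddress, json
from collections import defaultdict

# Constructed sample feeds (documentation-range IPs, reserved .test domain).
COMMUNITY_CSV = """indicator,type
203.0.113.10,ip
EXAMPLE-bad.test.,domain
198.51.100.7,ip
not-an-ip,ip
"""
PREMIUM_JSON = """[{"value": "203.0.113.10", "kind": "ip"},
 {"value": "example-bad.test", "kind": "domain"},
 {"value": "192.0.2.55", "kind": "ip"}]"""

def normalize(value, kind):
    """Canonical (kind, value) key, or None for a malformed entry."""
    value = value.strip()
    if kind == "ip":
        try:
            return ("ip", str(ipaddress.ip_address(value)))
        except ValueError:
            return None
    if kind == "domain":
        return ("domain", value.lower().rstrip("."))
    return None

def aggregate(feeds):
    """feeds: {source: [(value, kind), ...]} -> {key: set of sources}."""
    seen = defaultdict(set)
    for source, rows in feeds.items():
        for value, kind in rows:
            key = normalize(value, kind)
            if key:
                seen[key].add(source)
    return seen

def corroborated(seen, min_sources=2):
    """Indicators reported by at least min_sources independent feeds."""
    return sorted(k for k, srcs in seen.items() if len(srcs) >= min_sources)

def load_feeds():
    community = [(r["indicator"], r["type"]) for r in csv.DictReader(io.StringIO(COMMUNITY_CSV))]
    premium = [(r["value"], r["kind"]) for r in json.loads(PREMIUM_JSON)]
    return {"community": community, "premium": premium}

if __name__ == "__main__":
    seen = aggregate(load_feeds())
    for key in corroborated(seen):
        print(*key, sorted(seen[key]))  # one line per corroborated indicator
```

Normalizing before counting matters: without it, the same domain written with different case or a trailing dot would look like two uncorroborated indicators.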
Top 5 Leaderboard, Reseller

Try Open Threat Exchange (otx.alienvault.com). The best one, and now researchers from AlienVault are a part of AT&T, so they have really great data sources and expertise in threat hunting.

2020-07-20T09:00:13Z
User

Have you looked at IBM threat intelligence with i2?

2021-03-15T13:38:43Z
Top 5 Leaderboard, Real User

You can try Malware Information Sharing Platform.

Most supported open source threat intelligence platform will help.

2021-03-12T16:51:50Z