Anomali ThreatStream vs. RackFoundry Total Security Management (discontinued)

Anomali ThreatStream is excellent in scenarios where we deliver Managed Security Services to customers. It offers exhaustive volumes of information in the form of threat bulletins, IOCs, Threat Actor profiling, and details related to campaigns in the wild which can be used to a great extent by MSSPs. For an enterprise SOC, I believe it is a little less suited purely because of the pricing aspect as it is slightly towards the expensive side of the spectrum.

Incentivized

RackFoundry Total Security Management (TSM) is suited for most companies that have the same challenge as my team had. If you are looking to purchase one security tool and spend most of your allocated budget then I would not recommend this for you. However, if you are looking for something close to a single pane of glass, (granted there is no such thing) this solution does come close as they have the main components built in such as their FW/IPS/IDS/SIEM. Before selecting RackFoundry we had two options which were: 1) Upgrade our current solution and spend an overbearing amount 2) Search for new vendors and maybe procure 1-3 devices and then manually integrate them. Because this was a unified console and integration between devices was simple, we were able to obtain 4-6 security functions and we even had some sense of security visibility via the SIEM. It's not as powerful as Splunk or LogRhythm, but it definitely does the job

• Indicators of Compromise
• Signatures
• Community Sharing

Incentivized

• Making promises about a service and product.
• Advertising a good price and offering great services.
• Supposedly offer 24/7 365 level 1 threat triaging.

• The user interface, perhaps there is some room for improvement although it is good already.
• Confidence assigning process for IOCs needs to be more robust and transparent.
• While integration with SIEM solutions is a cakewalk, there is definitely added value if SIGMA rule conversion and YARA rule creation are provided from the platform.

Incentivized

• It has been my first year with Rack Foundry and at this point I have to say everything has been smooth, from implementation to support.

Many of the products that can be used to be ingested into a security event management software can be cumbersome with threat streamThere are many opportunities to continue fine-tuning the environment and providing great context in regards to threat research. When compared to other products threat stream stands out from usability and features.

Incentivized

Well I have experience with the big names: SecureWorks, IBM and Splunk. Individually their logging tools are much better than RackFoundry's Total Security Management. This is great for large corporations and urban cities, however not so great for municipalities, mid size businesses and companies who fluctuate between 1-7 members on their IT staff. Why? Because it takes too much of their resources and integration with other products gets a little rough as you will need to configure your preferences to theirs. When a company has stability it is great to have a name brand product, however renewals and upgrade costs can be taxing to an organization.

• After the Initial startup cost, it has overall had a positive impact by increasing efficiency of the team and freeing up analysts to do manual threat hunting

Incentivized

• Overall the product has had a negative impact. Not necessarily on our environment but in the amount of time it has taken to deploy.