Threat Intelligence Platforms

TrustRadius Top Rated for 2024

Top Rated Products

(1-2 of 2)

CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

Splunk Enterprise Security (ES)

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

All Products

(1-25 of 119)

AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…

Splunk Enterprise Security (ES)

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

Splunk SOAR

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.


Egnyte provides a unified content security and governance solution for collaboration, data security, compliance, and threat detection for multicloud businesses. More than 16,000 organizations trust Egnyte to reduce risks and IT complexity, prevent ransomware and IP theft, and boost…

Webroot Endpoint Protection

Webroot Endpoint Protection is the OpenText company's business class multi-vector endpoint protection application, providing centralized endpoint management, deep learning intelligence, and advanced behavioral analytics. For SMBs, Webroot Smarter Cybersecurity solutions were designed…

Mandiant Advantage Threat Intelligence

Since 2004, Mandiant has been a partner to security-conscious organizations. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Cisco SecureX

Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context…

SolarWinds Threat Monitor

SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.

Mimecast Threat Intelligence

Mimecast offers a threat intelligence service, including the company's Threat Intelligence Dashboard, threat remediation, and the Mimecast Threat Feed for integration threat intelligence into compatible SIEM or SOAR platforms.

Palo Alto Networks AutoFocus

AutoFocus™ contextual threat intelligence service, from Palo Alto Networks, accelerates analysis, correlation and prevention workflows. Targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional…

Imperva Attack Analytics

Imperva Attack Analytics, (formerly ThreatRadar), is a threat intelligence service relying on research from Imperva's Application Defense Center (ADC), integratable into Imperva's WAF solutions and able to be fed into enterprise security data.


SecurityScorecard provides A-F graded security rating scorecards, to drive improved communication, effective compliance reporting, and more informed decision making. These enable enterprises to rate, understand, and continuously monitor the security posture of any organization worldwide,…

Recorded Future Intelligence Cloud

Recorded Future is an intelligence company. Its Intelligence Cloud provides coverage across adversaries, infrastructure, and targets. Combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future provides visibility into the digital…


Chronicle, a security company supported by Alphabet (Google), offers VirusTotal, a malware scanning and threat intelligence service.


Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.

WhoisXML API Enterprise API and Data Feed Packages

About WhoisXML APIWhoisXML API’s Enterprise API Packages and Data Feed Packages provide comprehensive, historical, and real-time domain, IP, and cyber intelligence. With API packages, enterprises, managed security providers, and security solutions vendors can stay one step ahead…

Trellix Threat Intelligence Exchange

Trellix Threat Intelligence Exchange (formerly McAfee Threat Intelligence Exchange) acts as a reputation broker to enable adaptive threat detection and response. It combines local intelligence from security solutions across your organization, with external, global threat data, and…

IBM X-Force Incident Response and Intelligence Services (IRIS)

IBM X-Force IRIS can be deployed on-site to provide a complete cybersecurity incident response, threat intelligence, and breach remediation platform.

Cybereason Defense Platform

Cybereason EDR consolidates intelligence about each attack into a Malop (malicious operation), a contextualized view of the full narrative of an attack. Each Malop organizes the relevant attack data into an easy-to-read, interactive graphical interface, providing a complete timeline,…

Anomali ThreatStream

ThreatStream from Anomali in Redwood City speeds detection of threats by uniting security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts…

Check Point ThreatCloud

Check Point Software Technologies provides threat intelligence via the Check Point ThreatCloud.

Proofpoint Emerging Threat Intelligence

Proofpoint Emerging Threat (ET) Intelligence provides actionable threat intel feeds to identify IPs and domains involved in suspicious and malicious activity.

Proofpoint Cloud App Security Broker (Proofpoint CASB)

Proofpoint Cloud App Security Broker (CASB) secures applications such as Microsoft Office 365, Google’s G Suite, Box, and other services, providing visibility and control over cloud apps.

Symantec DeepSight

Symantec DeepSight Intelligence is provides timely, actionable threat intelligence enabling trams to assess risk and implement proactive controls.

Videos for Threat Intelligence Platforms

Which Threat Intelligence is best for you? Mandiant, Cisco SecureX, Splunk, Crowdstrike Falcon
Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space.

Learn More About Threat Intelligence Platforms

What is a Threat Intelligence Platform?

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat intelligence platforms usually utilize two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.

A key aspect of threat intelligence platforms are their automation. Leveraging internal and external data sources at high volumes are beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once it has identified a threat, the tool will alert stakeholders to said threats. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.

Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There are also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.

Threat Intelligence Tools Features & Capabilities

Threat intelligence platforms usually consist of multiple threat intelligence tools, and have the following features:

  • Data feeds from a variety of different sources including industry groups
  • Data triage
  • Alerts and reports about specific types of threats and threat actors
  • Analysis and sharing of threat intelligence
  • Normalization and scoring of risk data

Threat Intelligence Tools and Platforms Comparison

Consider these aspects of threat intelligence platforms when comparing different options:

  • Suite vs. Point Solution: Is each product a standalone solution for threat intelligence, or part of a larger endpoint or network security package? Standalone solutions are more likely to be best-of-breed, while larger suites may come with better pre-built integration into other security functions within the platform. Suites may also be preferable if the organization is looking to restructure its broader security posture, rather than just adding threat intelligence capabilities.
  • Integrations: How well does each product integrate with the rest of the organization’s tech stack, particularly other security systems? Threat intelligence platforms should at a minimum have prebuilt integrations for the other security systems the organization uses, or case studies speaking to the ease of integration in similar use cases.
  • Alert Management: What impact does each platform usually have on false positive rates? Ensure that products on the shortlist won’t add an unexpected workload just from managing alerts long term. Reviewers will frequently highlight how well, or poorly, given products perform in this area.

Start a threat intelligence comparison here

Pricing Information

Threat intelligence pricing is often a subscription to multiple data feeds, with tiered pricing based on number of users. Data fees vary in cost from about $1,500 and $10,000 depending on the number of feeds.

Related Categories

Frequently Asked Questions

What do threat intelligence platforms do?

Threat intelligence platforms leverage libraries of knowledge on existing cyber threats to analyze an organization’s security data and identify potential or known threats to the business.

How much does a threat intelligence platform cost?

Standalone threat intelligence can range from $1,500-10,000+, depending on the number of users and volume of data.

Why is threat intelligence important?

Threat intelligence is key to ensuring that organizations have the most accurate and up to date information on modern cyber threats, and that they can use it in automated, scalable ways.

What’s the difference between threat intelligence and threat hunting?

Threat intelligence leverages known intelligence to analyze existing data, while threat hunting proactively looks for bad actors on a network, endpoints, or other systems. Threat hunting often encompasses elements of threat intelligence.