Threat Intelligence Platforms

Threat Intelligence Platforms Overview

What is a Threat Intelligence Platform?

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat Intelligence Platforms Features & Capabilities

  • Data feeds from a variety of different sources including industry groups
  • Data triage
  • Alerts and reports about specific types of threats and threat actors
  • Analysis and sharing of threat intelligence
  • Normalization and scoring of risk data

Pricing Information

Threat intelligence pricing is often a subscription to multiple data feeds, with tiered pricing based on number of users. Data fees vary in cost from about $1,500 and $10,000 depending on the number of feeds.

Threat Intelligence Products

(1-25 of 43) Sorted by Most Reviews

AlienVault USM

AlienVault USM

Customer Verified
Top Rated

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…

CrowdStrike Falcon Endpoint Protection

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

Sophos UTM

Sophos UTM provides core firewall features, plus sandboxing and AI threat detection for advanced network security. It has customizable deployment options.

SolarWinds Threat Monitor

SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.

Mimecast Threat Intelligence

Mimecast offers a threat intelligence service, including the company's Threat Intelligence Dashboard, threat remediation, and the Mimecast Threat Feed for integration threat intelligence into compatible SIEM or SOAR platforms.

WhoisXML API Enterprise API and Data Feed Packages

About WhoisXML APIWhoisXML API’s Enterprise API Packages and Data Feed Packages provide comprehensive, historical, and real-time domain, IP, and cyber intelligence. With API packages, enterprises, managed security providers, and security solutions vendors can stay one step ahead…

Recorded Future

Boston-based Recorded Future presents a vulnerability management solution.

Anomali ThreatStream

ThreatStream from Anomali in Redwood City speeds detection of threats by uniting security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts…

Cisco SecureX (formerly Threat Response)

Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context…

LookingGlass Cyber Solutions

LookingGlass Cyber Solutions is a threat protection solution protecting against cyber attacks to global enterprises and government agencies The product is augmented by a team of security analysts who enrich the data feeds and provide timely insights to customers of potential risks.…


ThreatConnect, from the company of the same name in Arlington, is described by the vendor as an Intelligence-Driven Security Operations Platform with both Security Orchestration Automation and Response (SOAR) and Threat Intelligence Platform (TIP) capabilities. They state ThreatConnect…

Palo Alto Networks AutoFocus

AutoFocus™ contextual threat intelligence service, from Palo Alto Networks, accelerates analysis, correlation and prevention workflows. Targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional…

Mandiant Advantage: Threat Intelligence (FireEye iSIGHT)

Mandiant Advantage: Threat Intelligence (replacing the former FireEye iSIGHT Threat Intelligence) is a proactive, comprehensive threat intelligence platform delivered as a subscription service, providing visibility to global threats before, during and after an attack. It also helps…

Proofpoint Domain Discover for Email

Proofpoint Domain Discover for Email provides a library and actionable intelligence of spoof and lookalike domains used to support phishing attempts against enterprise email users.

CenturyLink Analytics and Threat Management

With CenturyLink® Analytics and Threat Management services, you get the visibility needed to proactively identify potential security issues and respond to them before they cause harm. And with our event and incident management and response services, you can ease the burden of having…

Proofpoint Emerging Threat Intelligence

Proofpoint Emerging Threat (ET) Intelligence provides actionable threat intel feeds to identify IPs and domains involved in suspicious and malicious activity.

Symantec DeepSight

Symantec DeepSight Intelligence is provides timely, actionable threat intelligence enabling trams to assess risk and implement proactive controls.

Exabeam Security Management Platform

Exabeam headquartered in San Mateo, offers their SIEM platform, the The Exabeam Security Management Platform. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The…


Snare is an IT security analytics suite of applications from Prophecy International headquartered in Adelaide, providing a complete log monitoring and management solution, as well as network threat intelligence.

Proofpoint Nexus

Proofpoint Nexus is the security company's threat intelligence platform, now available to customers, which provides real-time data that spans email, social media, mobile devices and SaaS applications, supporting correlative study of attack behaviors and preemptive or forensic exploration…

IBM X-Force Incident Response and Intelligence Services (IRIS)

IBM X-Force IRIS can be deployed on-site to provide a complete cybersecurity incident response, threat intelligence, and breach remediation platform.

Imperva Attack Analytics (formerly ThreatRadar)

Imperva Attack Analytics, (formerly ThreatRadar), is a threat intelligence service relying on research from Imperva's Application Defense Center (ADC), integratable into Imperva's WAF solutions and able to be fed into enterprise security data.

Sentinel IPS

Sentinel IPS promises advanced threat protection at the network’s edge with Network Cloaking™, blocking malware, exploitation attempts, and other threats before they reach the firewall. Sentinel Internal Intelligence aims to give visibility inside the network, and the ability to…

Marlabs Rapid 360

Marlabs headquartered in Piscataway offers Rapid 360, a threat intelligence platform.

Check Point ThreatCloud

Check Point Software Technologies provides threat intelligence via the Check Point ThreatCloud.