Threat Intelligence Platforms

Threat Intelligence Platforms Overview

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat intelligence platforms usually utilize two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.

A key aspect of threat intelligence platforms are their automation. Leveraging internal and external data sources at high volumes are beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once it has identified a threat, the tool will alert stakeholders to said threats. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.

Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There are also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.

Top Rated Threat Intelligence Products

TrustRadius Top Rated for 2022

These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings. Read more about the Top Rated criteria.

Threat Intelligence Products

(1-25 of 72) Sorted by Most Reviews

The list of products below is based purely on reviews (sorted from most to least). There is no paid placement and analyst opinions do not influence their rankings. Here is our Promise to Buyers to ensure information on our site is reliable, useful, and worthy of your trust.

AlienVault USM

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…

Key Features

  • Centralized event and log data collection (5)
    68%
    6.8
  • Event and log normalization/management (7)
    67%
    6.7
  • Custom dashboards and workspaces (7)
    61%
    6.1
Splunk Enterprise Security (ES)

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Key Features

  • Event and log normalization/management (82)
    89%
    8.9
  • Custom dashboards and workspaces (84)
    86%
    8.6
  • Deployment flexibility (83)
    85%
    8.5
CrowdStrike Falcon Endpoint Protection

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…

Key Features

  • Malware Detection (33)
    95%
    9.5
  • Centralized Management (33)
    93%
    9.3
  • Infection Remediation (33)
    92%
    9.2
Splunk SOAR (Security Orchestration, Automation and Response) (formerly Phantom)

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Mandiant Advantage Threat Intelligence

Mandiant Advantage: Threat Intelligence (replacing the former FireEye iSIGHT Threat Intelligence) is a proactive, comprehensive threat intelligence platform delivered as a subscription service, providing visibility to global threats before, during and after an attack. It also helps…

Cisco SecureX

Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context…

Anomali ThreatStream

ThreatStream from Anomali in Redwood City speeds detection of threats by uniting security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts…

Mimecast Threat Intelligence

Mimecast offers a threat intelligence service, including the company's Threat Intelligence Dashboard, threat remediation, and the Mimecast Threat Feed for integration threat intelligence into compatible SIEM or SOAR platforms.

Palo Alto Networks AutoFocus

AutoFocus™ contextual threat intelligence service, from Palo Alto Networks, accelerates analysis, correlation and prevention workflows. Targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional…

VirusTotal

Chronicle, a security company supported by Alphabet (Google), offers VirusTotal, a malware scanning and threat intelligence service.

Recorded Future

Boston-based Recorded Future presents a vulnerability management solution.

Exabeam Fusion

Exabeam headquartered in San Mateo, Exabeam Fusion, a SIEM + XDR. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The Exabeam platform can be deployed on-premise…

Symantec DeepSight

Symantec DeepSight Intelligence is provides timely, actionable threat intelligence enabling trams to assess risk and implement proactive controls.

WhoisXML API Enterprise API and Data Feed Packages

About WhoisXML APIWhoisXML API’s Enterprise API Packages and Data Feed Packages provide comprehensive, historical, and real-time domain, IP, and cyber intelligence. With API packages, enterprises, managed security providers, and security solutions vendors can stay one step ahead…

SolarWinds Threat Monitor

SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.

McAfee Threat Intelligence Exchange

McAfee Threat Intelligence Exchange acts as a reputation broker to enable adaptive threat detection and response. It combines local intelligence from security solutions across your organization, with external, global threat data, and instantly shares this collective intelligence…

Check Point ThreatCloud

Check Point Software Technologies provides threat intelligence via the Check Point ThreatCloud.

IBM X-Force

IBM experts provide the X-Force threat intelligence suite of services, including X-Force Research and X-Force Research Publications, and the X-Force Exchange platform for sharing threat intelligence knowledge and best practice with industry experts.

Snare

Snare is an IT security analytics suite of applications from Prophecy International headquartered in Adelaide, providing a complete log monitoring and management solution, as well as network threat intelligence.

McAfee MVISION Insights

MVISION Insights is designed to help organizations move to an action-oriented, proactive security posture with local and global telemetry to detect, rank, and respond quickly and accurately to threats.

Agari Active Defense

Agari Active Defense is a service to enable users to gain actionable intelligence, understand threats, and reduce risk from Business Email Compromise (BEC) attacks. The BEC Threat Intelligence service aims helps teams understand the specific threats an organization faces, develop…

Trend Micro TippingPoint Threat Digital Vaccine (ThreatDV)

Trend Micro offers their Threat Digital Vaccine (ThreatDV) as a subscription service available to customers that enables the prevention and disruption of malware activity. The combination of reputation feeds and malware filters gives customers added protection for their sensitive…

TEHTRIS XDR Platform

TEHTRIS, headquartered in Pessac, offers their eponymous XDR platform, providing the XDR infrastructure to bring together several security solutions within a single platform, capable of detecting and responding to security incidents.

IBM X-Force Incident Response and Intelligence Services (IRIS)

IBM X-Force IRIS can be deployed on-site to provide a complete cybersecurity incident response, threat intelligence, and breach remediation platform.

Kaspersky Private Security Network

Kaspersky Labs offers threat intelligence as a service, but for those who prefer a secure on-premise technology-based solution, the company also provides Kaspersky Private Security Network, a threat intelligence platform supporting network security apps, appliances, and other Kaspersky…

Learn More About Threat Intelligence Platforms

What is a Threat Intelligence Platform?

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat intelligence platforms usually utilize two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.

A key aspect of threat intelligence platforms are their automation. Leveraging internal and external data sources at high volumes are beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once it has identified a threat, the tool will alert stakeholders to said threats. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.

Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There are also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.

Threat Intelligence Platforms Features & Capabilities

  • Data feeds from a variety of different sources including industry groups
  • Data triage
  • Alerts and reports about specific types of threats and threat actors
  • Analysis and sharing of threat intelligence
  • Normalization and scoring of risk data

Threat Intelligence Platforms Comparison

Consider these aspects of threat intelligence platforms when comparing different options:

  • Suite vs. Point Solution: Is each product a standalone solution for threat intelligence, or part of a larger endpoint or network security package? Standalone solutions are more likely to be best-of-breed, while larger suites may come with better pre-built integration into other security functions within the platform. Suites may also be preferable if the organization is looking to restructure its broader security posture, rather than just adding threat intelligence capabilities.
  • Integrations: How well does each product integrate with the rest of the organization’s tech stack, particularly other security systems? Threat intelligence platforms should at a minimum have prebuilt integrations for the other security systems the organization uses, or case studies speaking to the ease of integration in similar use cases.
  • Alert Management: What impact does each platform usually have on false positive rates? Ensure that products on the shortlist won’t add an unexpected workload just from managing alerts long term. Reviewers will frequently highlight how well, or poorly, given products perform in this area.

Start a threat intelligence comparison here

Pricing Information

Threat intelligence pricing is often a subscription to multiple data feeds, with tiered pricing based on number of users. Data fees vary in cost from about $1,500 and $10,000 depending on the number of feeds.

Related Categories

Frequently Asked Questions

What do threat intelligence platforms do?

Threat intelligence platforms leverage libraries of knowledge on existing cyber threats to analyze an organization’s security data and identify potential or known threats to the business.

How much does a threat intelligence platform cost?

Standalone threat intelligence can range from $1,500-10,000+, depending on the number of users and volume of data.

Why is threat intelligence important?

Threat intelligence is key to ensuring that organizations have the most accurate and up to date information on modern cyber threats, and that they can use it in automated, scalable ways.

What’s the difference between threat intelligence and threat hunting?

Threat intelligence leverages known intelligence to analyze existing data, while threat hunting proactively looks for bad actors on a network, endpoints, or other systems. Threat hunting often encompasses elements of threat intelligence.