Threat Intelligence Platforms

TrustRadius Top Rated for 2023

Top Rated Products

1
CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment…

2
Splunk Enterprise Security (ES)

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

3
Splunk SOAR

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

All Products

(26-50 of 117)

26
Proofpoint Cloud App Security Broker (Proofpoint CASB)

Proofpoint Cloud App Security Broker (CASB) secures applications such as Microsoft Office 365, Google’s G Suite, Box, and other services, providing visibility and control over cloud apps.

27
TEHTRIS XDR Platform

TEHTRIS, headquartered in Pessac, offers their eponymous XDR platform, providing the XDR infrastructure to bring together several security solutions within a single platform, capable of detecting and responding to security incidents.

28
Trellix Insights

Trellix Insights (formerly MVISION Insights) is designed to help organizations move to an action-oriented, proactive security posture with local and global telemetry to detect, rank, and respond quickly and accurately to threats.

29
Kaspersky Private Security Network

Kaspersky Labs offers threat intelligence as a service, but for those who prefer a secure on-premise technology-based solution, the company also provides Kaspersky Private Security Network, a threat intelligence platform supporting network security apps, appliances, and other Kaspersky…

30
Trend Micro TippingPoint Threat Digital Vaccine (ThreatDV)

Trend Micro offers their Threat Digital Vaccine (ThreatDV) as a subscription service available to customers that enables the prevention and disruption of malware activity. The combination of reputation feeds and malware filters gives customers added protection for their sensitive…

31
Snare

Snare is an IT security analytics suite of applications from Prophecy International headquartered in Adelaide, providing a complete log monitoring and management solution, as well as network threat intelligence.

32
EclecticIQ Platform

EclecticIQ Platform is an analyst-centric Threat Intelligence Platform (TIP). The vendor says it is optimized for the collection of intelligence data from open sources, commercial suppliers and industry partnerships into a single collaborative analyst workbench. EclecticIQ Platform…

33
Keepnet

Keepnet is a cyber-security awareness and defence platform that provides a holistic approach to people, process and technology to reduce risk, from Keepnet Labs headquartered in London.

34
Dataminr Pulse

Dataminr Pulse is a Real-Time Event and Risk Detection solution for businesses, the public sector, and news organizations that leverages AI to give users early indication of business-critical information about risks to people, a brand, and physical and virtual assets – so the user can…

35
Cybereason Managed Detection & Response (MDR)

Cybereason Managed Detection & Response (MDR) is a managed security service emphasizing behavioral analysis and incident response.

36
ThreatConnect Threat Intelligence Operations Platform

The ThreatConnect Threat Intelligence Operations (TIOps) Platform helps organizations to operationalize and evolve their cyber threat intel program, enabling cybersecurity operations teams to improve their organization’s resilience to attacks. The TIOps Platform enhances collaboration…

37
CompTIA ISAO

The CompTIA Information Sharing and Analysis Organization (ISAO) helps technology companies defend against threats that are increasingly targeted and malicious, with the potential to seriously harm the industry’s credibility, by tailoring proactive threat intelligence and actionable…

38
Kaspersky Anti Targeted Attack Platform

The Kaspersky Anti Targeted Attack Platform uses machine learning approaches to detect targeted attacks across network telemetry through a combination of automated network traffic analysis, correlative behavioral analysis, and other approaches to detect multi-layer threats across…

39
IBM X-Force Exchange

IBM experts provide the X-Force threat intelligence suite of services, including X-Force Research and X-Force Research Publications, and the X-Force Exchange platform for sharing threat intelligence knowledge and best practice with industry experts.

40
IntSights Cyber Intelligence, from Rapid7

IntSights is an all-in-one external threat intelligence and protection platform, purpose-built to neutralize threats outside the wire. According to the vendor, it is the only solution of its kind. IntSights solution suite's goal is to equip cybersecurity teams worldwide to more…

41
Juniper SecIntel Threat Intelligence

SecIntel, from Juniper Networks, enables the threat-aware network with a feed of aggregated and verified security data that’s continuously collected from Juniper and multiple other sources. It delivers regularly updated, actionable intelligence to SRX Series firewalls, MX Series…

42
Agari Active Defense

Agari Active Defense is a service that enables users to gain actionable intelligence, understand threats, and reduce risk from Business Email Compromise (BEC) attacks. The BEC Threat Intelligence service aims to help teams understand the specific threats an organization faces, develop…

43
Base Operations

Base Operations helps companies keep their people and operations secure with what they present as granular, street-level threat intelligence. With it, users can investigate important locations on-demand to identify the threats that matter most and provide data-backed recommendations…

44
ThreatMon

ThreatMon's mission is to provide businesses with a comprehensive cybersecurity solution designed by experienced professionals to protect their digital assets from external threats. ThreatMon's solution combines Threat Intelligence, External Attack Surface Management, and Digital…

45
Zimperium Advanced Mobile Threat Insights

Zimperium’s Advanced Mobile Threat Insights provides meaningful insights to executives like CISOs, CIOs, and Security Ops teams to protect the enterprise. In addition to executive reporting, Zimperium’s Advanced Threat Insights delivers operational insights for the Security Teams.…

46
Cloudmark Insight

Cloudmark, from Proofpoint, offers a broad view of Internet communications to enable visibility into emerging threats. The Cloudmark API enables direct queries into the systems collecting and categorizing threats collected by Cloudmark’s Global Threat Network.

47
Verint Web Intelligence

Verint Web Intelligence, from Verint CIS, provides for the collection and analysis of open source data from the web, social media sites, blogs and news sites, and related sources, to support counter-terrorism and fight cyber crime.

48
Menlo Security Isolation Security Operations Center (iSOC)

Menlo Security's Isolation Security Operations Center (iSOC) is a continuous threat monitoring service that complements the Menlo Security Cloud Secure Web Gateway by monitoring Internet traffic that passes through the Menlo Global Cloud to identify unintended policy gaps, and…

49
Proofpoint Nexus People Risk Explorer

Proofpoint Nexus is the security company's threat intelligence platform, now available to customers, which provides real-time data that spans email, social media, mobile devices and SaaS applications, supporting correlative study of attack behaviors and preemptive or forensic exploration…

50
Marlabs Rapid 360

Marlabs headquartered in Piscataway offers Rapid 360, a threat intelligence platform.

Videos for Threat Intelligence Platforms

Which Threat Intelligence is best for you? Mandiant, Cisco SecureX, Splunk, Crowdstrike Falcon
Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space.

Learn More About Threat Intelligence Platforms

What is a Threat Intelligence Platform?

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat intelligence platforms usually draw on two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real-time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.

A key aspect of threat intelligence platforms is their automation. Leveraging internal and external data sources at high volumes is beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once the tool has identified a threat, it alerts stakeholders. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.

Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There is also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.

Threat Intelligence Tools Features & Capabilities

Threat intelligence platforms usually consist of multiple threat intelligence tools, and have the following features:

  • Data feeds from a variety of different sources including industry groups
  • Data triage
  • Alerts and reports about specific types of threats and threat actors
  • Analysis and sharing of threat intelligence
  • Normalization and scoring of risk data

Threat Intelligence Tools and Platforms Comparison

Consider these aspects of threat intelligence platforms when comparing different options:

  • Suite vs. Point Solution: Is each product a standalone solution for threat intelligence, or part of a larger endpoint or network security package? Standalone solutions are more likely to be best-of-breed, while larger suites may come with better pre-built integration into other security functions within the platform. Suites may also be preferable if the organization is looking to restructure its broader security posture, rather than just adding threat intelligence capabilities.
  • Integrations: How well does each product integrate with the rest of the organization’s tech stack, particularly other security systems? Threat intelligence platforms should at a minimum have prebuilt integrations for the other security systems the organization uses, or case studies speaking to the ease of integration in similar use cases.
  • Alert Management: What impact does each platform usually have on false positive rates? Ensure that products on the shortlist won’t add an unexpected workload just from managing alerts long term. Reviewers will frequently highlight how well, or poorly, given products perform in this area.

Pricing Information

Threat intelligence pricing is often a subscription to multiple data feeds, with tiered pricing based on number of users. Data fees vary in cost from about $1,500 to $10,000 depending on the number of feeds.

Frequently Asked Questions

What do threat intelligence platforms do?

Threat intelligence platforms leverage libraries of knowledge on existing cyber threats to analyze an organization’s security data and identify potential or known threats to the business.

How much does a threat intelligence platform cost?

Standalone threat intelligence can range from $1,500-10,000+, depending on the number of users and volume of data.

Why is threat intelligence important?

Threat intelligence is key to ensuring that organizations have the most accurate and up-to-date information on modern cyber threats, and that they can use it in automated, scalable ways.

What’s the difference between threat intelligence and threat hunting?

Threat intelligence leverages known intelligence to analyze existing data, while threat hunting proactively looks for bad actors on a network, endpoints, or other systems. Threat hunting often encompasses elements of threat intelligence.