What is Threat Intelligence?
Threat intelligence is data that is collected, processed and analyzed to understand a threat actor’s motives, targets and attack behaviors. Threat intelligence enables cybersecurity teams to make faster, more informed, data-backed security decisions and adapt their behavior to be more proactive in the fight against threat actors.
Why Is Threat Intelligence Important?
In the world of cybersecurity, advanced persistent threats (APTs) and defenders are constantly trying to outmaneuver each other. Data-based insights into a threat actor’s next move are crucial to proactively tailoring defenses and preempting future attacks.
However, while most organizations recognize the value of threat intelligence, many focus their efforts on only the most basic use cases, such as integrating threat data feeds with existing network, intrusion prevention system (IPS), firewall and security information and event management (SIEM) tools, without taking full advantage of the insights that intelligence can offer.
Cyber threat intelligence services, combined with automation and human threat hunters, provide security teams of all sizes with critical threat insights to understand their threat profile and make fast, accurate security decisions to defend their organization against the latest threats.
Key Differentiators of Sophisticated Threat Intelligence Solutions
Cyber threat intelligence helps companies solve the data, time and expertise problems they face when defeating adversaries. High-performing threat intelligence solutions are built on three core components:
- High-fidelity threat data collection tools and processes that provide comprehensive coverage of the latest threats worldwide
- Threat expertise to turn collected data into actionable insights using modern artificial intelligence (AI) and machine learning (ML)
- Ability to integrate into other security solutions so team members can automatically leverage threat intelligence features and information
Top 10 Threat Intelligence Solutions (in alphabetical order)
- CrowdStrike Falcon Intelligence by CrowdStrike
- Flashpoint Intelligence Platform by Flashpoint
- Security X-Force by IBM
- Intel 471 Intelligence by Intel 471
- Kaspersky Threat Intelligence by Kaspersky
- Mandiant Advantage Threat Intelligence by Mandiant
- Defender Threat Intelligence by Microsoft
- Intelligence Graph by Recorded Future
- GreyMatter by ReliaQuest (Previously Digital Shadows)
- External Threat Intelligence by ZeroFox
CrowdStrike Falcon Intelligence by CrowdStrike
Austin, TX | 2011 | www.crowdstrike.com
CrowdStrike Falcon® Intelligence is a comprehensive intelligence solution that leverages unique, fully owned, high-fidelity threat data stored in the CrowdStrike Threat Graph® to help companies understand the adversary behind security events, enable them to defend against all of the actor’s tactics and move from a reactive to a predictive, proactive state.
- Leverages insights from CrowdStrike’s team of more than 200 threat analysts who have been tracking attack tactics for over a decade.
- Human threat hunters are supplemented by advanced AI/ML algorithms, helping security teams to understand, detect, investigate, respond to and predict the latest threats.
- Automatically analyzes malware found on endpoints, finds related samples from the industry’s largest malware search engine, investigates potential actors and enriches the investigative results with full-featured, expert-based, customized threat intelligence context.
- Integrates threat intelligence into all other CrowdStrike offerings, helping security teams enhance their security posture through advanced data capabilities.
Flashpoint Intelligence Platform by Flashpoint
- Automatically translates datasets across more than 25 languages to serve the global community
- Provides access to finished intelligence reports and primary source data across a wide range of illicit online communities, produced by Flashpoint intelligence experts.
- Leverages optical character recognition (OCR) and ML technology to simplify and automate search and alert capabilities.
- Provides timely alerts that identify potential risks to the organization based on self-selected key words and recommendations.
- Provides a comprehensive, single view of all relevant Flashpoint data collections, offering insight into the latest security events and active threat profiles.
- Supports out-of-the-box integrations to connect SIEMs, TIPs, SOARs and other security tools and services.
Security X-Force by IBM
Armonk, NY | 1911 | www.ibm.com
IBM X-Force Exchange is a cloud-based intelligence platform that collects and translates threat data into actionable information, helping companies reduce risk and stay ahead of emerging threats.
- Combines human- and machine-generated intelligence to research and track the latest global threats across 170 countries.
- Provides a platform to help companies rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.
- Offers early warning indicators, as well as malware, threat group, threat activity and industry reports to improve detection and mitigation capabilities.
- Offers the ability to integrate with other security solutions within the tech stack using STIX and TAXII standards, or via a RESTful API.
Intel 471 Intelligence by Intel 471
Prosper, TX | 2014 | www.intel471.com
Intel 471 Intelligence is a threat intelligence capability that blends humans and machines to provide up-to-the-moment coverage and analysis of adversaries, malware, vulnerabilities and credential exploits.
- Provides organizations with targeted data of relevant actors and threat patterns, helping security teams prioritize and focus on the most pressing risks.
- Provides in-depth insights into known and emerging threat actors, as well as their tactics, techniques, and procedures (TTPs).
- Provides trend analysis and mapping to help companies track vulnerabilities and exploits to improve the security posture.
Kaspersky Threat Intelligence by Kaspersky
Moscow, Russia | 1997 | www.kaspersky.com
Kaspersky Threat Intelligence is a comprehensive, real-time threat intelligence tool that enables instant threat detection, analysis and alert prioritization based on more than 25 years of threat research.
- Continuously updated and globally sourced threat data provides rich and meaningful context to guide investigation.
- Patented sandboxing technology exposes even the most advanced threats facing each organization, industry and region.
- Supports easy integration into security controls via out-of-the-box connectors and a robust RESTful API.
- Powerful threat intelligence platform enables smooth integration, rapid matching and comprehensive analysis of any threat intelligence feed.
- Complex investigation graphs visually explore threat relationships and identify possible connections.
Mandiant Advantage Threat Intelligence by Mandiant
Alexandria, VA | 2004 | www.mandiant.com
Mandiant Advantage Threat Intelligence is a real-time solution that delivers frontline intelligence to help security teams identify threats, prioritize vulnerabilities and limit exposures.
- Provides up-to-the-minute, relevant threat intelligence based on 200,000 hours of annual incident response activity by more than 300 security and intelligence professionals across 23 countries.
- Provides direct access to analysis, IOCs, threat actors, vulnerabilities and detailed intelligence reports.
- Offered as a multilevel subscription to provide a full range of options based on each company’s needs and budget.
- Services accessible via portal, browser plug-in or API.
Defender Threat Intelligence by Microsoft
Redmond, WA | 1975 | www.microsoft.com
Microsoft Defender Threat Intelligence maps the entire internet to expose threat actors and their infrastructure, helping companies prevent attacks in real time.
- Continuous threat intelligence that scans the internet to identify attackers and their tools to create a complete picture of day-to-day changes.
- Tracks more than 24 trillion signals daily to identify potential threat exposures.
- Integrated threat protection with SIEM and extended detection and response (XDR) to accelerate detection and remediation and gain more context around complex threats.
Intelligence Graph by Recorded Future
Somerville, MA | 2009 | www.recordedfuture.com
The Recorded Future Intelligence Graph is a comprehensive, real-time threat intelligence solution that captures and analyzes all internet data from the past decade to help organizations prevent and respond to advanced threats.
- Automatically collects and structures data across adversaries, their infrastructure, and the organizations they target from text, imagery and technical sources.
- Leverages natural language processing (NLP) and ML to analyze and map associations across billions of entities automatically in real time in 13 languages.
- Serves as the foundation for nine intelligence modules.
GreyMatter by ReliaQuest (Previously Digital Shadows)
Tampa, FL | 2007 | www.reliaquest.com
GreyMatter Platform by ReliaQuest is a full-service threat intelligence solution that aggregates and analyzes more than a decade’s worth of threat intelligence reporting and dark web data to help companies better defend against advanced threats.
- Powered by a continuously updated cyber threat intelligence library and in-depth analysis of more than 2,000 threat profiles from active threat actors, malware campaigns and events. Collects data gathered from a custom collection of open, deep and dark web sources.
- Proactively prevents breaches through exportable lists of indicators of compromise (IOCs).
- Identifies security gaps via MITRE actor mappings and associated technique profiles.
- Robust API allows for integration with other TIPs, SIEMs and security orchestration, automation and response (SOAR) platforms.
External Threat Intelligence by ZeroFox
Baltimore, MD | 2013 | www.zerofox.com
ZeroFox External Threat Intelligence is a full-spectrum threat intelligence solution that provides comprehensive visibility into the threat landscape and the ability to expedite and automate security activity.
- Combines human- and machine-based services to analyze more than 12 billion threat intelligence records from across the internet, deep and dark web to determine attacker campaigns and infrastructure history.
- Combines AI/ML-driven algorithms and experienced human analysts to review, confirm and prioritize actionable alerts.
- Provides searchable, on-demand access to threat data, as well as customized, integrated intelligence feeds based on each company’s specific requirements.