What do threat intelligence platforms do?
Threat intelligence platforms leverage libraries of knowledge on existing cyber threats to analyze an organization’s security data and identify potential or known threats to the business.
Threat Intelligence Platforms
Threat Intelligence Platforms Overview
Best Threat Intelligence Platforms include:
Anomali ThreatStream, Palo Alto Networks AutoFocus, VirusTotal, Mandiant Advantage Threat Intelligence, Mimecast Threat Intelligence, Recorded Future, SolarWinds Threat Monitor, Check Point ThreatCloud, McAfee Threat Intelligence Exchange, and Huntress.
Threat Intelligence Products
(1-25 of 65) Sorted by Most Reviews
The list of products below is based purely on reviews (sorted from most to least). There is no paid placement and analyst opinions do not influence their rankings. Here is our Promise to Buyers to ensure information on our site is reliable, useful, and worthy of your trust.
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises…
Key Features
- Event and log normalization/management (9)72%7.2
- Custom dashboards and workspaces (9)72%7.2
- Centralized event and log data collection (6)69%6.9
Splunk Enterprise Security (ES)
Customer Verified
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Key Features
- Centralized event and log data collection (61)94%9.4
- Correlation (62)90%9.0
- Custom dashboards and workspaces (63)88%8.8
CrowdStrike Falcon
Customer Verified
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment…
Key Features
- Malware Detection (32)95%9.5
- Centralized Management (32)93%9.3
- Infection Remediation (32)92%9.2
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context…
Mimecast offers a threat intelligence service, including the company's Threat Intelligence Dashboard, threat remediation, and the Mimecast Threat Feed for integration threat intelligence into compatible SIEM or SOAR platforms.
Mandiant Advantage: Threat Intelligence (replacing the former FireEye iSIGHT Threat Intelligence) is a proactive, comprehensive threat intelligence platform delivered as a subscription service, providing visibility to global threats before, during and after an attack. It also helps…
ThreatStream from Anomali in Redwood City speeds detection of threats by uniting security solutions under one platform and providing tools to operationalize threat intelligence. ThreatStream also automates many of the tasks typically assigned to security professionals, freeing analysts…
AutoFocusâ„¢ contextual threat intelligence service, from Palo Alto Networks, accelerates analysis, correlation and prevention workflows. Targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional…
Symantec DeepSight Intelligence is provides timely, actionable threat intelligence enabling trams to assess risk and implement proactive controls.
McAfee Threat Intelligence Exchange acts as a reputation broker to enable adaptive threat detection and response. It combines local intelligence from security solutions across your organization, with external, global threat data, and instantly shares this collective intelligence…
Chronicle, a security company supported by Alphabet (Google), offers VirusTotal, a malware scanning and threat intelligence service.
About WhoisXML APIWhoisXML API’s Enterprise API Packages and Data Feed Packages provide comprehensive, historical, and real-time domain, IP, and cyber intelligence. With API packages, enterprises, managed security providers, and security solutions vendors can stay one step ahead…
Check Point Software Technologies provides threat intelligence via the Check Point ThreatCloud.
SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.
IBM experts provide the X-Force threat intelligence suite of services, including X-Force Research and X-Force Research Publications, and the X-Force Exchange platform for sharing threat intelligence knowledge and best practice with industry experts.
Trend Micro offers their Threat Digital Vaccine (ThreatDV) as a subscription service available to customers that enables the prevention and disruption of malware activity. The combination of reputation feeds and malware filters gives customers added protection for their sensitive…
Agari Active Defense is a service to enable users to gain actionable intelligence, understand threats, and reduce risk from Business Email Compromise (BEC) attacks. The BEC Threat Intelligence service aims helps teams understand the specific threats an organization faces, develop…
MVISION Insights is designed to help organizations move to an action-oriented, proactive security posture with local and global telemetry to detect, rank, and respond quickly and accurately to threats.
Exabeam headquartered in San Mateo, Exabeam Fusion, a SIEM + XDR. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The Exabeam platform can be deployed on-premise…
Kaspersky Labs offers threat intelligence as a service, but for those who prefer a secure on-premise technology-based solution, the company also provides Kaspersky Private Security Network, a threat intelligence platform supporting network security apps, appliances, and other Kaspersky…
Learn More About Threat Intelligence Platforms
What is a Threat Intelligence Platform?
A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.
Threat intelligence platforms usually utilize two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.
A key aspect of threat intelligence platforms are their automation. Leveraging internal and external data sources at high volumes are beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once it has identified a threat, the tool will alert stakeholders to said threats. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.
Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There are also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.
Threat Intelligence Platforms Features & Capabilities
- Data feeds from a variety of different sources including industry groups
- Data triage
- Alerts and reports about specific types of threats and threat actors
- Analysis and sharing of threat intelligence
- Normalization and scoring of risk data
Threat Intelligence Platforms Comparison
Consider these aspects of threat intelligence platforms when comparing different options:
- Suite vs. Point Solution: Is each product a standalone solution for threat intelligence, or part of a larger endpoint or network security package? Standalone solutions are more likely to be best-of-breed, while larger suites may come with better pre-built integration into other security functions within the platform. Suites may also be preferable if the organization is looking to restructure its broader security posture, rather than just adding threat intelligence capabilities.
- Integrations: How well does each product integrate with the rest of the organization’s tech stack, particularly other security systems? Threat intelligence platforms should at a minimum have prebuilt integrations for the other security systems the organization uses, or case studies speaking to the ease of integration in similar use cases.
- Alert Management: What impact does each platform usually have on false positive rates? Ensure that products on the shortlist won’t add an unexpected workload just from managing alerts long term. Reviewers will frequently highlight how well, or poorly, given products perform in this area.
Start a threat intelligence comparison here
Pricing Information
Threat intelligence pricing is often a subscription to multiple data feeds, with tiered pricing based on number of users. Data fees vary in cost from about $1,500 and $10,000 depending on the number of feeds.
Frequently Asked Questions
How much does a threat intelligence platform cost?
Standalone threat intelligence can range from $1,500-10,000+, depending on the number of users and volume of data.
Why is threat intelligence important?
Threat intelligence is key to ensuring that organizations have the most accurate and up to date information on modern cyber threats, and that they can use it in automated, scalable ways.
What’s the difference between threat intelligence and threat hunting?
Threat intelligence leverages known intelligence to analyze existing data, while threat hunting proactively looks for bad actors on a network, endpoints, or other systems. Threat hunting often encompasses elements of threat intelligence.