
Group-IB Threat Intelligence Overview

Group-IB Threat Intelligence is the #3 ranked solution among top Threat Intelligence Platforms. IT Central Station users give Group-IB Threat Intelligence an average rating of 10 out of 10. Group-IB Threat Intelligence is most commonly compared to CrowdStrike Falcon (Group-IB Threat Intelligence vs CrowdStrike Falcon). The top industry researching this solution is computer software companies, accounting for 31% of all views.
What is Group-IB Threat Intelligence?

Group-IB has been pioneering incident response and cybercrime investigation practices since 2003. This experience and understanding of threat actors’ behaviours have evolved from our own investigation tools to an intelligence gathering network that now feeds Group-IB Threat Intelligence.


Group-IB Threat Intelligence Reviews

John Rendy
CTO at Systema Global Solusindo
Helps end users increase ROI and avoid costly incidents

Pros and Cons

  • "The most valuable Group-IB Threat Intelligence features are their detections, especially in terms of account and card information leakage. This data sets Group-IB apart from some of the competition."
  • "The lack of appliance-based or on-premise options for this solution is its biggest downfall. Clients request them often."

What is our primary use case?

Our primary clients for this solution are tier-one banks in Indonesia. Group-IB Threat Intelligence is very useful for at least three major use cases. These use cases are strategic intelligence, operational intelligence, and technical intelligence. Our customers use Group-IB Threat Intelligence to base their investment on key technologies and invest in cybersecurity. And from the technical and operational standpoint, we streamline Threat Intelligence. We do this by conducting a continuous assessment of compromised activity in the organization, as well as maintaining the relevant prevention procedures against the adversary targeting the banks. Threat Intelligence comes in a SaaS version. The only part that requires integration with their internal systems is whenever we want to process the data via STIX, or TAXII, or a certain API connected directly to the Threat Intelligence SaaS platform.

What is most valuable?

The most valuable Group-IB Threat Intelligence features are their detections, especially in terms of account and card information leakage. This data sets Group-IB apart from some of the competition. This data is especially powerful for banks as it helps them understand their fraud activity, employee, and card information procedures better. They also have a powerful live graph system, which provides the customer with full global threat hunting capabilities. They can actually see their whole Internet infrastructure's fingerprint and can map it against the adversary infrastructures.

When implementing Threat Intelligence effectively, the customer can benefit from decreasing their security operations and can focus on precisely which target is attacking their environment. This saves the operational offering, as well as prevents the cyber incident that can impact them the most. 

What needs improvement?

Some clients request a Threat Intelligence Platform, which requires Group-IB Threat Intelligence to integrate with it. Group-IB Threat Intelligence could be integrated directly with clients' internal cybersecurity systems via API and the STIX protocol. 

However, managing multiple integrations with different security systems is very complicated. An integration middleware installed on the client's premises might be a solution to manage the different integration points.

For how long have I used the solution?

I have three years of experience with Group-IB Threat Intelligence. 

What do I think about the stability of the solution?

Performance-wise, we have never experienced any downtime on the Threat Intelligence portal. They provided us with two versions of the portals. Essentially we have two systems running in parallel. This increases availability. If one portal is not accessible, we can use the other newer version of the portal. 

What do I think about the scalability of the solution?

The scalability is very good. All data – which often includes years and years of historical data – can be kept on a single platform and is accessible to the customer with a few clicks.

How are customer service and technical support?

The technical support for this solution is very, very responsive. They help me a lot with setting up evaluation instances for potential clients, for example. Also, whenever we saw potential issues on the dashboard, which happened very rarely, they responded within one to two hours. They have coverage for the Southeast Asian time zone. Their support will respond even after office hours. This gives me extensive tech support around the clock. 

How was the initial setup?

Overall, the implementation of the solution is divided into two big processes. The first one is the activation of Threat Intelligence. Typically, the activation doesn't take more than 24 hours. That means within the next day, the customer will already be onboarded on the intelligence platform. The SaaS model has been proven to work very well in a lot of multi-tenancy scenarios. So basically when customers are onboarded, they can directly access the portal and the data will be aggregated in parallel. Now, the second big process that we see from the implementation is actually integration with their SIEM or SOC platforms, as well as the existing security control systems, such as the next-gen firewall, IPS, or endpoint solutions. This is quite complicated, notably because we have to understand the customer environment. And also, a lot of these processes rely on the majority of those existing security controls that are in place in the organization. Because of this, integration can take a long time, a month or two in some cases, depending on the scale, complexity, and the solution that we are integrating.

What was our ROI?

The cost of the solution versus the cost of an incident that may have been prevented with it shows a very high ROI. Customers that subscribe to Threat Intelligence can easily prevent an incident that may cost them three to four times the subscription value. For example, if they subscribe for 100 days, they may easily prevent an incident that could cost them at least $300,000 to $400,000 per incident.

What's my experience with pricing, setup cost, and licensing?

The pricing is considerably high. They should lower it if they want to cover a larger section of the market. On the other hand, their current pricing is actually suitable for major banks. 

Their licensing is very straightforward. They have a single subscription model. Customers will never encounter any hidden licensing fees because everything is provided in the subscription package. Procurement is straightforward as well. 

What other advice do I have?

Threat Intelligence is only usable if you can process the data it provides you with and streamline it into your security operations. If you're not integrating Threat Intelligence into existing cybersecurity controls, you will be overwhelmed with the amount of information that needs to be taken into account. 

The first thing I would suggest is to assess how your security operations are being managed right now. This will help you increase your return on investment and the impact of the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
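The reviewer's closing advice, that threat intelligence is only usable once its data is processed and streamlined into existing security controls, is what the STIX/TAXII integration mentioned in the use-case section amounts to in practice. As an added illustration (not Group-IB's code, and not part of the review above), the Python below ingests a constructed STIX 2.1 bundle of the kind a TAXII poll of a feed might return, drops revoked or expired indicators so retirements propagate instead of producing stale alerts, flattens the remaining patterns into lookup keys, and matches them against a few constructed DNS, proxy and EDR log lines. Every identifier, domain, address and hash is made up for the example.

```python
import json
import re
from datetime import datetime, timezone
from typing import Dict, List, Tuple

IOC = Tuple[str, str]  # (kind, value), e.g. ("domain", "login-verify.example")

# Constructed STIX 2.1 bundle standing in for a TAXII poll result. The indicator
# IDs, names, domain, IP and hash are invented for this example, not real feed data.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "created": "2021-11-01T00:00:00Z", "modified": "2021-11-01T00:00:00Z",
         "name": "Phishing kit C2 (constructed)", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'login-verify.example']",
         "valid_from": "2021-11-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "created": "2021-11-01T00:00:00Z", "modified": "2021-11-01T00:00:00Z",
         "name": "Card skimmer drop host (constructed)", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.77'] OR "
                    "[file:hashes.'SHA-256' = '" + "deadbeef" * 8 + "']",
         "valid_from": "2021-11-01T00:00:00Z", "revoked": False},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--44444444-4444-4444-8444-444444444444",
         "created": "2021-10-01T00:00:00Z", "modified": "2021-10-31T00:00:00Z",
         "name": "Expired indicator (constructed)", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'old-c2.example']",
         "valid_from": "2021-10-01T00:00:00Z", "valid_until": "2021-10-31T00:00:00Z"},
    ],
})

# Constructed log lines (DNS resolver, web proxy, EDR); hosts and addresses are invented.
SAMPLE_LOGS = [
    "2021-11-05T09:12:01Z dns client=10.0.0.15 query=login-verify.example type=A",
    "2021-11-05T09:12:07Z proxy src=10.0.0.15 dst=203.0.113.77:443 action=allow",
    "2021-11-05T09:13:40Z edr host=ws-0021 sha256=" + "deadbeef" * 8 + " action=exec",
    "2021-11-05T09:14:02Z dns client=10.0.0.20 query=old-c2.example type=A",
    "2021-11-05T09:15:30Z proxy src=10.0.0.15 dst=198.51.100.9:443 action=allow",
]

NOW = datetime(2021, 11, 5, tzinfo=timezone.utc)  # fixed clock so expiry is deterministic

# One comparison inside a STIX pattern, e.g. [ipv4-addr:value = '203.0.113.77']
_COMPARISON = re.compile(r"\[(?P<obj>[a-z0-9-]+):(?P<prop>[^\s=]+)\s*=\s*'(?P<val>[^']*)'\]")
_KIND_BY_OBJECT = {"domain-name": "domain", "ipv4-addr": "ip", "url": "url"}


def _kind(obj: str, prop: str):
    if obj == "file" and "SHA-256" in prop:
        return "sha256"
    return _KIND_BY_OBJECT.get(obj)


def load_indicators(bundle_json: str, now: datetime) -> Dict[IOC, dict]:
    """Flatten usable STIX indicators into (kind, value) lookup keys.
    Revoked and expired indicators are skipped so feed retirements reach the match set."""
    iocs: Dict[IOC, dict] = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):
            continue
        until = obj.get("valid_until")
        if until and datetime.fromisoformat(until.replace("Z", "+00:00")) < now:
            continue
        pattern = obj["pattern"]
        # Splitting into atoms is exact for OR-joined patterns; for AND / FOLLOWEDBY
        # it over-matches, so those atoms are flagged for analyst review.
        partial = " AND " in pattern or "FOLLOWEDBY" in pattern
        for m in _COMPARISON.finditer(pattern):
            kind = _kind(m["obj"], m["prop"])
            if kind is not None:
                iocs[(kind, m["val"].lower())] = {"id": obj["id"], "name": obj.get("name", ""), "partial": partial}
    return iocs


# Token extractors for the kinds of IOC the loader produces.
_TOKEN_PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}


def match_logs(iocs: Dict[IOC, dict], log_lines: List[str]) -> List[dict]:
    """Scan raw log lines for tokens that hit a loaded IOC and emit one alert per hit."""
    alerts = []
    for line in log_lines:
        for kind, rx in _TOKEN_PATTERNS.items():
            for token in rx.findall(line):
                hit = iocs.get((kind, token.lower()))
                if hit:
                    alerts.append({"kind": kind, "value": token.lower(), "indicator": hit["id"],
                                   "name": hit["name"], "partial": hit["partial"], "log": line})
    return alerts


def demo() -> List[dict]:
    return match_logs(load_indicators(SAMPLE_BUNDLE, NOW), SAMPLE_LOGS)


if __name__ == "__main__":
    for a in demo():
        print(f"{a['kind']:7} {a['value']} -> {a['indicator']} ({a['name']})")
```

Running it yields three alerts (the phishing domain from the DNS log, and the skimmer host's IP and hash from the proxy and EDR logs); the query for old-c2.example stays silent because that indicator expired before the fixed clock, which is the behaviour you want when a feed retires an IOC.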