I'm looking for a threat intelligence tool that can aggregate multiple threat intelligence sources. Is this type of tool available? If so, how much do these services cost?
There are two approaches to answer your needs. You can either select:
1. SIEM / SOC Platform that could ingest more than 1 TI feed service
2. Threat Intelligence Platform
If you are looking to simply integrate the TI sources into one single centralized system, for instance a SIEM, you would choose option 1 because it will be investment effective.
LogRhythm, QRadar, Stellar Cyber, Splunk and AlienVault are amongst the tools to go for.
If you are looking to integrate with more than 1 target system inside your organization, go for a centralized Threat Intelligence Platform. The best one in the market is no doubt the Anomali Threat Intelligence Platform, while ThreatQuotient and EclecticIQ still have to catch up a lot. The benefit of using the Anomali Threat Intelligence Platform, for example, is that you can actually manage multiple integrations to target systems such as SIEM, SOC Platform, NGFW, IPS, and others. This platform will provide great simplicity for an organization which is reasonably large, with multiple cybersecurity solutions.
Be wary: a Threat Intelligence Platform is not investment friendly, as its cost could be unjustified if you can't consider all the benefits it provides. With a TIP, you are expected to manage Threat Intelligence actively inside your organization, selecting and making the most out of all the TI feed services out there (community, freemium and premium service). You would need a team of dedicated CTI analysts to benefit from the use of a Threat Intelligence Platform - otherwise it will be a waste of time and investment.
At the end of the day, you could also opt for an open source STIX / TAXII client as a more cost-effective alternative solution, depending on your requirement complexity and budget.
Yes, Azure Sentinel is a SIEM in the cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI, available as templates or customized by each customer. The cost of the tool is based on the amount of data to be imported (Microsoft 365 and Azure are free) and on the data retention time. Example: Azure Sentinel Pricing | Microsoft Azure
Azure Sentinel SIEM and I think ArcSight SIEM too.
What are the most common mistakes that businesses make regarding cyber threats? What measures can be put in place to avoid these mistakes? Do you have threat intelligence tools that you swear by to help with monitoring cyber threats?
I'm an Information Security Consultant at a large enterprise Tech Services company. What are the best tools for threat intelligence?