2020-12-31T16:06:00Z

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?


10 Answers

RL
User
2021-08-04T16:48:55Z
Aug 4, 2021

There are several tools available - we use AlienVault from AT&T.

It provides a full view from the desktop to the network firewall to the cloud and application threats across multiple locations via WAN, as well as multiple servers within your LAN.

SB
User
2021-08-04T13:12:41Z
Aug 4, 2021

You can look at Anomali, which is a Threat Intel Platform (TIP).

EB
Community Manager
Aug 7, 2021

@Joe Tinaglia please avoid posting any marketing/sales content. This sort of content isn't allowed according to the IT Central Station Guidelines (see section "Help Others").
The discussions should be relevant to the topic and professional only.

Thanks for respecting our policy.

JR
Consultant
2021-06-02T14:15:26Z
Jun 2, 2021

There are two approaches to answer your needs. You can either select:

1. A SIEM / SOC platform that can ingest more than one TI feed service

2. A Threat Intelligence Platform

If you are looking to simply integrate the TI sources into one single centralized system, for instance a SIEM, you would choose option 1 because it will be investment effective.

LogRhythm, QRadar, Stellar Cyber, Splunk and AlienVault are amongst the tools to go for.

If you are looking to integrate with more than one target system inside your organization, go for a centralized Threat Intelligence Platform. The best one on the market is no doubt the Anomali Threat Intelligence Platform, while ThreatQuotient and EclecticIQ still have to catch up a lot. The benefit of using the Anomali Threat Intelligence Platform, for example, is that you can actually manage multiple integrations to target systems such as SIEM, SOC platform, NGFW, IPS, and others. This platform will provide you with great simplicity for an organization which is reasonably large with multiple cybersecurity solutions.

Be wary, a Threat Intelligence Platform is not investment friendly, as its cost could be unjustified if you can't consider all the benefits it provides. With a TIP, you are expected to manage Threat Intelligence actively inside your organization, selecting and making the most out of all the TI feed services out there (community, freemium and premium). You would need a dedicated team of CTI Analysts to benefit from the use of a Threat Intelligence Platform - otherwise it will be a waste of time and investment.

At the end of the day, you could also opt for an open source STIX / TAXII client as a more cost effective alternative solution, depending on your requirement complexity and budget.
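As an added example (not code from the thread or from any vendor named above), the block below shows the kind of "open source STIX / TAXII client" aggregation step the answer alludes to: it takes STIX 2.1 indicator bundles from several feeds, deduplicates them by observable, keeps the highest confidence seen, records which feeds reported each indicator, and drops revoked or expired indicators before handing rows to a SIEM. The two bundles, the feed names and the observable values are constructed for illustration (RFC 5737 documentation addresses and the reserved .test TLD); the functions and field names other than the STIX ones are assumptions of the example.

```python
"""Added example (not from the original thread): a minimal open-source-style
STIX 2.1 aggregation step that merges indicator bundles from several feeds
into one deduplicated set ready to hand to a SIEM.

Everything below is constructed for illustration: the two bundles, the feed
names and the observable values (RFC 5737 documentation addresses and the
reserved .test TLD) are made up and are not real intelligence.
"""
import json
import re
from datetime import datetime, timezone

# One comparison inside a STIX pattern, e.g.
#   [ipv4-addr:value = '198.51.100.7']  ->  ('ipv4-addr:value', '198.51.100.7')
# findall() also walks compound patterns joined with AND/OR.
_COMPARISON = re.compile(r"([\w-]+:[\w.-]+)\s*=\s*'([^']*)'")

# Fixed "now" so expiry handling is deterministic (the thread's date).
NOW = datetime(2021, 6, 2, tzinfo=timezone.utc)

FEED_A = json.dumps({"type": "bundle", "id": "bundle--a", "objects": [
    {"type": "indicator", "id": "indicator--a1", "confidence": 60,
     "labels": ["malicious-activity"],
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_until": "2022-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--a2", "confidence": 40,
     "pattern": "[domain-name:value = 'Bad.Example.TEST']",
     "valid_until": "2021-01-01T00:00:00Z"},          # already expired
    {"type": "indicator", "id": "indicator--a3", "confidence": 50,
     "pattern": "[ipv4-addr:value = '203.0.113.9' OR ipv4-addr:value = '203.0.113.10']"},
]})

FEED_B = json.dumps({"type": "bundle", "id": "bundle--b", "objects": [
    {"type": "indicator", "id": "indicator--b1", "confidence": 85,
     "labels": ["c2"],
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},   # same IP as feed A
    {"type": "indicator", "id": "indicator--b2", "confidence": 90,
     "revoked": True,
     "pattern": "[domain-name:value = 'bad.example.test']"},
    {"type": "indicator", "id": "indicator--b3", "confidence": 70,
     "pattern": "[url:value = 'http://bad.example.test/payload']"},
    {"type": "identity", "id": "identity--b", "name": "premium-feed-b"},  # not an indicator, ignored
]})

BUNDLES = [("community-feed-a", FEED_A), ("premium-feed-b", FEED_B)]


def parse_timestamp(ts):
    """STIX timestamps are RFC 3339 with a trailing Z; fromisoformat needs +00:00."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_observables(pattern):
    """Return [(observable_type, value), ...] for every comparison in a pattern."""
    return _COMPARISON.findall(pattern)


def merge_bundles(bundles, now=None):
    """Merge indicator objects from (feed_name, bundle_json) pairs.

    Dedupes by (observable type, lower-cased value), keeps the highest
    confidence seen, records every feed that reported it, and drops
    revoked or expired indicators so stale IOCs do not reach the SIEM.
    """
    now = now or datetime.now(timezone.utc)
    merged = {}
    for feed_name, raw in bundles:
        for obj in json.loads(raw).get("objects", []):
            if obj.get("type") != "indicator" or obj.get("revoked"):
                continue
            valid_until = obj.get("valid_until")
            if valid_until and parse_timestamp(valid_until) <= now:
                continue
            for obs_type, value in extract_observables(obj.get("pattern", "")):
                key = (obs_type, value.lower())
                entry = merged.setdefault(key, {
                    "type": obs_type, "value": value.lower(),
                    "confidence": 0, "sources": set(), "labels": set(),
                })
                entry["confidence"] = max(entry["confidence"], obj.get("confidence", 0))
                entry["sources"].add(feed_name)
                entry["labels"].update(obj.get("labels", []))
    return merged


def siem_rows(merged, min_confidence=0):
    """Flatten the merged set into SIEM-friendly rows, highest confidence first."""
    rows = [
        {"type": e["type"], "value": e["value"], "confidence": e["confidence"],
         "sources": sorted(e["sources"]), "labels": sorted(e["labels"])}
        for e in merged.values() if e["confidence"] >= min_confidence
    ]
    return sorted(rows, key=lambda r: (-r["confidence"], r["type"], r["value"]))


if __name__ == "__main__":
    for row in siem_rows(merge_bundles(BUNDLES, now=NOW)):
        print(json.dumps(row))
```

The two checks that matter in practice are the ones a bare feed-to-SIEM connector usually skips: honouring `revoked` and `valid_until` so withdrawn or expired indicators stop generating alerts, and keeping the per-feed provenance so an analyst can see that an IP was corroborated by two feeds rather than reported once. In a real deployment the bundles would come from a TAXII 2.1 collection (the `objects` endpoint returns exactly this envelope shape) instead of inline strings.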

JR
User
2021-01-01T21:53:15Z
Jan 1, 2021

Yes, Azure Sentinel is a SIEM on the cloud. Multiple data sources can be uploaded to and analyzed with Azure Sentinel and its threat hunting functionality with AI, available as templates or customized by each customer. The cost of the tool is based on the amount of data to be imported (Microsoft 365 and Azure are free) and on the data retention period. Example: Azure Sentinel Pricing | Microsoft Azure

AS
User
Jan 5, 2021

thanks

Yasir Akram
Real User
2021-08-06T22:33:09Z
Aug 6, 2021

Hi, I have left the job, so I don't know the exact count. But yes, SlashNext is providing a very good service regarding threat intelligence.

PF
Reseller
2021-08-04T15:16:02Z
Aug 4, 2021

Yes. 


"Advanced persistent threats (APT) penetrate networks and stay hidden through any number of targeted and difficult-to-detect means including spear phishing, credential theft or web app vulnerabilities.

Once inside, they use native operating system functions, credential dumping and human error to opportunistically seek higher-value targets and data. These types of attacks can be extremely damaging, difficult to remediate and much longer-lived – often 200+ days of dwell time. EDR telemetry becomes too limited in scope and volume to help, usually maxing out at 30 days.


Organizations can cost-effectively store one year of rich endpoint telemetry with deep integration between Tanium and Chronicle. Incident response teams and analysts will have drastically improved ability to hunt, investigate and fully scope advanced threats with sub-second search latency across endpoint and other data sources such as DNS, proxy and firewall logs."


Check this out: https://www.tanium.com/resources/data-drive-threat-hunting-tanium-chronicle

PF
Reseller
Aug 5, 2021

@Evgeny Belenky Yes -
Chronicle benefits:

○ Pricing: one year of stored endpoint telemetry at a per-endpoint price (fixed cost). MSP pricing includes the Tanium Client Agent for the Threat Response, Compliance, and Remediation modules. There are CORE modules that allow us to deploy the agent and generate discovery and asset reports with zero infrastructure and VPN requirements, bringing 300 to 5 million endpoints under complete visibility and management within hours, depending on the size of the customer.
○ Infinite elasticity: with a backend built on core Google infrastructure
○ Instant search: across a full year of security telemetry to uncover latent threats
○ Cloud-native: solution built to auto-scale and eliminate data management overhead
○ Intelligent data fusion
○ Modern threat detection
○ Continuous IoC matching
○ Hunt at Google speed
○ Self-managed (per scope of work)
○ Disruptive economics

JT
Vendor
2021-08-04T14:19:12Z
Aug 4, 2021


  • What are you specifically trying to accomplish?

  • What is the compelling reason to look for this capability?

  • Are you funded?

  • What have you currently looked at?

KM
Real User
2021-08-03T14:00:56Z
Aug 3, 2021

IntSights, Recorded Future, Cybersixgill, and so on.

SG
Real User
2021-08-03T09:35:15Z
Aug 3, 2021

Maybe Greymatter from Reliaquest could help?

Yasir Akram
Real User
2021-01-04T05:00:40Z
Jan 4, 2021

Azure Sentinel SIEM and I think Arcsight SIEM too.
