It seems every month SC Labs talks about the growing connectivity of the world and the growing threat landscape, alongside the growing need for security professionals to have the information necessary to stay ahead of these attacks. Products in the threat intelligence space, which we revisit this month, provide information to help organizations gain a better understanding of their present internal and external risks and see what could potentially affect their environment. Intelligence coupled with the collaboration built into these platforms can arm security teams with actionable information that could aid in preventing attacks, or even provide a strategic advantage so they can proactively respond to potential threats, not just mitigate them post-attack. Companies are increasingly looking to threat intelligence to effectively combat new-age threats and keep up with an ever-growing workload.

Obviously,
gathering information and intelligence on threats is a crucial component for any solution in this space to meet the needs of security teams that are overwhelmed with information but don’t have the resources to weed through it and respond. Threat intelligence vendors are developing software platforms and hardware solutions to make information actionable and offer security teams quick visibility into it. That way, security professionals armed with valuable
information backed with context can take proactive measures to prevent attacks
from becoming an organizational issue. With comprehensive information at their fingertips, analysts truly can delve into threats and spot existing patterns for a more complete view of security.

Although many
of the tools tested have similar functionality, they take different approaches
to the types of information gathered and how it’s collected. Most customers purchase
more than one threat intelligence solution, which might seem counterproductive.
But although they may overlap, these products
provide targeted information that highlights different areas important to an
organization’s business practices. While too much information in general can prove
a hindrance, an abundance of targeted information makes for better decisions.

The best advice we have for organizations looking to add extremely effective threat intelligence tools to their security arsenals is to take the time to plan out goals and aims for the product before committing to one. The chosen solution(s) must be the best fit for an organization to avoid exacerbating the problem of overwhelming security teams with too much information and depriving them of context or focused reports.

Threat Intelligence

Threat intelligence is a crucial component of any organization’s security posture. Solutions in this space gather and provide information on threats so that organizations can proactively build defenses instead of relying solely on response and mitigations.

As we have
seen previously, and again this month, information is gathered from both open
and closed sources, using human resources and artificial intelligence, so that
security teams get the most comprehensive information possible.

Researchers and investigators who actively hunt threats recognize vulnerabilities brought to bear by the growing connectedness of the world. As a result, vendors are building collaboration tools extensively throughout the threat intelligence solutions we tested to facilitate both internal and external information sharing.

They have crafted the products to ingest multiple intelligence feeds and pass the information gathered through proprietary artificial intelligence mechanisms. These machine learning tools produce threat intelligence feeds and reports laid out as actionable, easily readable intelligence that users can efficiently ingest.

These
platforms boast a variety of features like structural formatting, real-time
alerting, sandboxing, custom reporting and third-party integrations, the last
of which are growing within the threat intelligence space, yielding platforms clearly designed with MSSPs in mind. Extensive built-in integrations range from SIEM and firewalls to endpoint protection tools and email – and beyond. Many of the products reviewed also offer APIs for integrating technologies not yet supported by the platform with connectors. APIs can be leveraged for both consumption and production, with most platforms supporting STIX and TAXII records.

While
initially tackling the problem of organizations not having enough information
on the threats they face, this crop of threat intelligence platforms seeks to address the growing issue of information overload resulting from the vast landscape of threats currently in the wild. Too much information, coupled with too few resources and missing context, can quickly create a nightmare for analysts trying to sort through threat intelligence.

To counter
that, the platforms tested provide context to the intelligence gathered and
offer analysts the opportunity to configure settings so that alerts are
tailored to their organizational needs. Add extensive collaboration features and these products can maximize the efficiency of a security team as it proactively builds a security posture.

Although
the tools reviewed this month are similar in general functionality, they each
have unique methods of providing threat intelligence that distinguish them
enough to justify using more than one within an organization. Security teams
can leverage any of these threat intelligence solutions to aid in the
decision-making process and ensure their attention is being immediately drawn
where it is needed the most.

Pick of the Litter

Anomali Threat Platform is one of the less expensive options we tested. Its Trusted Circles community provides the enormous added benefit of leveraging valuable intelligence gathered by other companies. The price tag coupled with the value added through the community platform make this product an SC Labs Best Buy.

Recorded Future Platform offers extensive integrations, standout monitoring capabilities and focused functionality throughout the platform. It functions intuitively and is clearly designed with the end user in mind, making this our SC Labs Recommended product this month.

Click the headlines below to check out all the reviews:

Anomali Threat Platform
DomainTools Iris Investigation Platform 3.0
EclecticIQ Platform 2.4
Group-IB Threat Intelligence
LookingGlass scoutPRIME 2019.2.J.46
Recorded Future Platform
ThreatConnect 5.8
TruSTAR Enterprise Intelligence Management 3.9.12