It seems every month SC Labs talks about the growing connectivity of the world and the growing threat landscape, alongside the growing need for security professionals to have the information necessary to stay ahead of these attacks. Products in the threat intelligence space, which we revisit this month, provide information to help organizations gain a better understanding of their present internal and external risks and to see what could potentially affect their environment.
Intelligence coupled with the collaboration built into these platforms can arm security teams with actionable information that could aid in preventing attacks, or even provide a strategic advantage so they can proactively respond to potential threats, not just mitigating them post-attack. Companies are increasingly looking to threat intelligence to effectively combat new-age threats and keep up with an ever-growing workload.
Obviously, gathering information and intelligence on threats is a crucial component of any solution in this space if it is to meet the needs of security teams that are overwhelmed with information but lack the resources to weed through it and respond. Threat intelligence vendors are developing software platforms and other hardware solutions to make information actionable and offer security teams quick visibility into it. That way, security professionals armed with valuable information backed by context can take proactive measures to prevent attacks from becoming an organizational issue. With comprehensive information at their fingertips, analysts truly can delve into threats and spot existing patterns for a more complete view of security.
Although many of the tools tested have similar functionality, they take different approaches to the types of information gathered and how it’s collected. Most customers purchase more than one threat intelligence solution, which might seem counterproductive. But although they may overlap, these products provide targeted information that highlights different areas important to an organization’s business practices. While too much information in general can prove a hindrance, an abundance of targeted information makes for better decisions.
The best advice we have for organizations looking to add extremely effective threat intelligence tools to their security arsenals is to take the time to plan out goals and aims for the product before committing to one. The chosen solution(s) must be the best fit for an organization to avoid exacerbating the problem of overwhelming security teams with too much information while depriving them of context or focused reports.
Threat Intelligence
Threat intelligence is a crucial component of any organization’s security posture. Solutions in this space gather and provide information on threats so that organizations can proactively build defenses instead of relying solely on response and mitigation.
As we have seen previously, and again this month, information is gathered from both open and closed sources, using human resources and artificial intelligence, so that security teams get the most comprehensive information possible.
Researchers and investigators who actively hunt threats recognize vulnerabilities brought to bear by the growing connectedness of the world. As a result, vendors are building collaboration tools extensively throughout the threat intelligence solutions we tested to facilitate both internal and external information sharing.
They have crafted the products to ingest multiple intelligence feeds and pass the information gathered through proprietary artificial intelligence mechanisms. These machine learning tools produce threat intelligence feeds and reports laid out as actionable, easily readable intelligence that users can efficiently ingest.
These platforms boast a variety of features like structural formatting, real-time alerting, sandboxing, custom reporting and third-party integrations, the last of which are growing within the threat intelligence space, yielding platforms clearly designed with MSSPs in mind. Extensive built-in integrations range from SIEM and firewalls to endpoint protection tools and email – and beyond. Many of the products reviewed also offer APIs for integrating technologies for which the platform does not yet have connectors. APIs can be leveraged for both consumption and production, with most platforms supporting STIX and TAXII records.
While initially tackling the problem of organizations not having enough information on the threats they face, this crop of threat intelligence platforms seeks to address the growing issue of information overload resulting from the vast landscape of threats currently in the wild. Too much information, coupled with too few resources and missing context, can quickly create a nightmare for analysts trying to sort through threat intelligence.
To counter that, the platforms tested provide context for the intelligence gathered and offer analysts the opportunity to configure settings so that alerts are tailored to their organizational needs. Add extensive collaboration features, and these products can maximize the efficiency of a security team as it proactively builds its security posture.
Although the tools reviewed this month are similar in general functionality, they each have unique methods of providing threat intelligence that distinguish them enough to justify using more than one within an organization. Security teams can leverage any of these threat intelligence solutions to aid in the decision-making process and ensure their attention is being immediately drawn where it is needed the most.
Pick of the Litter
Anomali Threat Platform is one of the less expensive options we tested. Its Trusted Circles community provides the enormous added benefit of leveraging valuable intelligence gathered by other companies. The price tag coupled with the value added through the community platform make this product an SC Labs Best Buy.
Recorded Future Platform offers extensive integrations, standout monitoring capabilities and focused functionality throughout the platform. It functions intuitively and is clearly designed with the end user in mind, making this our SC Labs Recommended product this month.
Click the headlines below to check out all the reviews:
Anomali Threat Platform
DomainTools Iris Investigation Platform 3.0
EclecticIQ Platform 2.4
Group-IB Threat Intelligence
LookingGlass scoutPRIME 2019.2.J.46
Recorded Future Platform
ThreatConnect 5.8
TruSTAR Enterprise Intelligence Management 3.9.12