The editors of Solutions Review cannot overstate the importance of threat intelligence platforms in 2019. In fact, they should form the heart of your cybersecurity operations and strategies.
After all, how can your enterprise properly defend itself if it doesn’t know the true cyber attacks it faces? If you prepare constantly for the last war, you doom your business to data breaches. Remember, data breaches don’t just hurt at the moment; they can damage your reputation permanently, lead to customer abandonment, and could shut your business down entirely.
Hackers don’t just wait for cybersecurity to catch up. Instead, they constantly evolve their threats to become more penetrative and more damaging in the short and long term. Also, they work to conceal their threats from perimeter security capabilities and have them dwell on networks for months if not years.
Threat intelligence platforms matter to every branch of cybersecurity. However, no branch relies on them quite as much as SIEM. This branch performs some essential functions for modern IT environments such as log management, threat detection, and remediation. Without a steady supply of diverse digital threat intelligence, these capabilities can’t perform optimally. Actually, they may find their effectiveness handcuffed by out-of-date knowledge.
So how can your enterprise sort through the threat intelligence platforms of 2019? To help your business find the right fit for its individual use case, we present the top 11 threat intelligence platforms of 2019. We present them in alphabetical order:
The 11 Top Threat Intelligence Platforms of 2019
To start our list of top threat intelligence platforms of 2019, we begin with AT&T Cybersecurity. Their AT&T Alien Labs collects a large volume of threat data from diverse sources, including the Open Threat Exchange (OTX). Also, they collect from their worldwide sensor network, AT&T proprietary data, and dozens of external feeds to deliver tactical threat intelligence to their USM platform for effective threat detection.
Next, we look at Exabeam, a relative newcomer to the SIEM and threat intelligence market. Their Exabeam Threat Intelligence Service can collect evidence such as suspicious IP addresses, blacklisted IP addresses, known phishing URLs, etc. With this information, Exabeam allows analysts to leverage intelligence in their products. Therefore, they can automate investigation playbooks and trigger alerts without the usual noise of SIEM solutions.
Of the top threat intelligence platforms of 2019, Fortinet offers integration of any public or private threat feed into their FortiSIEM. Therefore, Fortinet can cross-correlate with users’ own networks and security data. In turn, this allows your enterprise security teams to more accurately compile and analyze security event data, draw correlations, and develop and execute remediation strategies. These capabilities can become essential to scaling networks.
Through its threat intelligence, Lacework enables your enterprise to establish a behavioral baseline for your cloud and data centers. Additionally, it can identify deviations from behavioral baselines and filter millions of logged events and remove false positives. With this threat intelligence and machine learning, Lacework can provide your IT security team with actionable threat insights and visualization for its threat detection.
LogRhythm uses data lake intelligence capabilities to process and enrich logs. It provides intelligence to facilitate your threat hunting and thus the discovery of threat indicators. Further, LogRhythm provides threat intelligence through its NextGen SIEM solution, which aims to reduce security alerts and improve visibility. Additionally, this capability can scale with your growing enterprise network infrastructure.
McAfee’s solution, the Enterprise Security Manager, calculates baseline activity for all collected information. This enables them to provide alerts of potential threats to your enterprise before they occur. McAfee can also analyze data for patterns that may indicate a larger threat and leverage contextual information. This information can include vulnerability scans and identity and authentication management systems.
Another of the top threat intelligence platforms of 2019, Seceon offers the Seceon Collection and Control Engine as part of their Open Threat Management Platform. As such, Seceon can perform threat intelligence for your enterprise. Specifically, it enables the platform to consume feeds from its predefined set of threat intelligence sources for enrichment, such as blacklisted URLs and domain names. Additionally, users can send feeds from their own sources.
For threat intelligence, Securonix offers behavior-based techniques with peer group analysis techniques. It uses their intelligence to detect behavioral anomalies and insider threats, protect intellectual property, and provide threat forensics. Through this, Securonix facilitates threat detection and remediation at an enterprise level with necessary capabilities and SIEM integration.
Interestingly, SlashNext focuses on providing real-time phishing threat feeds to enterprises. Given the proliferation of phishing attacks, these feeds prove increasingly essential to businesses of all sizes. SlashNext works to provide information on zero-hour phishing attacks with automated URL re-checking and retirement. With this, enterprises receive up-to-date data on credential stealing, rogue software, and more.
As part of their Threat Monitor solution, SolarWinds provides up-to-date threat intelligence drawn from multiple sources. As such, it works to protect on-premises and hosted data center infrastructures as well as public cloud environments. Additionally, SolarWinds provides a clear dashboard with key information on the top malware families threatening your enterprise, as it centralizes threat intelligence to help reduce SIEM alert noise.
Splunk’s threat intelligence platform focuses on actionable intelligence developed through machine learning. Through their intelligence, they can develop baselines for your data and detect deviations from past behaviors or determine abnormalities. Splunk also provides predictive analytics through increased visibility into business transactions, IoT input, and security operations.
Rounding out our list of top threat intelligence platforms of 2019, we present Trustwave. Trustwave’s advanced threat research team increases your business’ uptime by preventing infections and keeping malware out. Their threat correlation includes 19 SIEM correlations which leverage open-source, crowd-sourced, and enterprise source intelligence feeds from all over the globe.
How To Learn More About The Threat Intelligence Platforms of 2019
You can begin by checking out our SIEM Buyer’s Guide. We dive into the top SIEM platform providers and their capabilities as threat intelligence platforms. Further, we provide Bottom Line analysis on all of the vendors we explore to help you find the right fit!