Content

SC Product Reviews: Threat and Intelligence Analysis Tools

SC Labs takes a look at 13 Threat Intelligence products that will let security teams take a more proactive stance on threat intel.

These products analyze internal and external threats and offer risk assessments of the vulnerabilities within an environment. The continuous growth of the threat landscape has not slowed down. On the contrary, the COVID-19 pandemic  has helped identify and emphasize the many shortcomings the cybersecurity industry faces – analyst burnout, tool fatigue, and skill shortages.

Organizations are desperate for a way to bolster security posture and keep pace with threats. Therefore, these products are more important than ever with their automation capabilities and collaboration tools that arm analysts with the actionable information necessary for effective threat detection and response. In some cases, organizations can prevent threats with the strategic advantage of threat intelligence products, shifting security from purely reactive to proactive. The industry needs such a shift in momentum to effectively combat the advanced threats of the modern era and keep up with the never-ceasing workload.

Threat intelligence products are trending away from only delivering information. In our testing, we saw great strides towards enhancing integration capabilities to drive the actionability of intelligence, versus just providing data for which analysts then must do the investigative and response work. Security teams are overwhelmed with too much information and too few resources. Integrating these platforms with SIEM solutions and other security investments offers the ability to act, often automatically, on the discovered threat information. Empowering security teams with products that help carry the burden of threat response and prevention lets them focus their efforts elsewhere while simultaneously closing gaps in the security perimeter.

Many times, organizations purchase multiple threat intelligence products. This might seem contrary to tackling tool fatigue. However, because these products are designed to highlight the information most relevant to an organization, deploying multiple threat intelligence products means receiving more targeted information. Although too much information can be a hindrance to threat detection and response, the more targeted information an organization has, the better decisions it can make.

We strongly recommend those looking to incorporate these effective threat intelligence products into their environment take the time to decide what they are trying to achieve and then commit to the product (s) best suited to the organization’s needs. Although these products are all threat intelligence solutions, many of them come with different approaches or focus points. Therefore, align security needs prior to committing. Companies don’t want to feed the vicious cycle of too much information without enough context or targeted reporting. The goal for CISOs and top managers should always be to keep security teams proactive.

Group Opener 
 

Threat intelligence has never been more valuable. Threat intelligence products gather information on internal and external threats to deliver a general picture of vulnerabilities and highlight risks of varying severity so analysts can concentrate their efforts on the most critical and vulnerable assets. Actionable threat intelligence can unburden security teams while giving them the tools to proactively fortify their defenses instead of relying exclusively on reactive practices like responses and mitigations.

We live in a connected world that’s constantly expanding. Every connection presents another potential risk. These products embrace this inter-connectedness and have built-in collaboration tools to facilitate internal communication and intelligence sharing as well as external, community forums where security pros may share or research public-facing intelligence to stay aware and ahead of new and re-emerging threats.

These products are designed to aggregate intelligence from multiple sources and present it in a way that makes it as easily digestible and actionable as possible. We probably saw the most improvement in the third-party integration capabilities. These solutions are now designed for the logical integration with other products such as SIEM, SOAR and firewall solutions. We saw both pre-built integrations and API integrations, maximizing the value of these products so security teams can leverage them for both consumption and production needs.

Security teams have to strike a careful balance between having enough information, but not so much information that they become overwhelmed. The industrywide skills gaps and lack of resources make this exceptionally tricky. However, the robust automation capabilities of these products are minimizing the impact of any imbalance and effectively optimizing existing resources. We consider these staple products for any security toolset. They will empower security teams with the targeted threat intelligence necessary to effectively make decisions and prioritize according to most critical needs.

Pick of the Litter  

ReversingLabs Titanium Platform maps threats to the MITRE ATT&CK Framework to accelerate investigation and response activities, while its massive known-malware repository ensures organizations keep pace with the ever-growing threat landscape. Titanium always issues descriptions in plain language so that even analysts with less experience can actively and effectively engage in threat hunting and response. This exceptional threat intelligence platform delivers valuable information while maximizing actionability. Such ease-of-use, transparency, and scalability make Titanium an attractive option for organizations of all sizes. It’s also one of the less expensive options we looked at this month, making this product an SC Labs Best Buy.

Recorded Future Security Intelligence Platform has become a strong player in the threat intelligence market, especially considering its robust integration catalogue and fully documented API. It offers analysts transparency, explaining the reasons behind the threat ratings it issues and supports these explanations with evidence and details. While many platforms with a multitude of options become heavy and difficult to navigate, Recorded Future remains easy-to-use for even novices. The ease-of-use balanced with advanced capabilities to optimize analyst efficiency and reduce response times make this our SC Labs Recommended product for this month’s round of testing.

November Reviews

Analyst1 v1.9

Anomali

AT&T Alien Labs Open Threat Exchange (OTX)

Bandura

DarkOwl Vision

Domain Tools Iris Investigation Platform v.3.0

EclecticIQ Platform v2.4

IntSights External Threat Protection Suite

LookingGlass Cyber Solutions, Inc. scoutPRIME 2020.2.K.25.66

ManageEngine Log360

Recorded Future Security Intelligence Platform v2020

ReversingLabs Titanium Platform

ThreatConnect v6.0

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.