2023 SC Awards Finalists: Best Threat Intelligence Technology

Anomali ThreatStream is a leading threat intelligence management solution that collects and processes raw data, providing actionable insights to security teams. With over 180 turnkey integrations and a global intelligence repository, the platform curates intelligence from all sources and delivers it through its observable search capability. Anomali ThreatStream automates the collection of global threat data and provides relevant, timely intelligence to enhance visibility into the threat landscape, allowing for faster and more informed security decisions. The platform includes an array of features, including automated intelligence gathering, adversary profiling, and secure collaboration across trusted communities. The platform is cloud-native and receives consistent capability updates, ensuring that customers are always up to date with the latest intelligence.

AT&T Alien Labs Open Threat Exchange (OTX) is an open and free platform that allows security professionals to share, research, and validate the latest threats, trends, and techniques. With over 200,000 global security and IT professionals submitting data daily, OTX is among the world’s largest open threat intelligence communities. It provides context and details on threats, including threat actors, organizations and industries targeted, and related indicators of compromise. When users contribute threat indicators to OTX, they can also classify, search, and filter data based on specific industries to identify the emerging threats that are most relevant to their own work. OTX adversary pages compile threat information from various sources about specific threat actors and groups. The platform automatically analyzes suspicious threats by running files/URLs through the Alien Labs malware and threat analysis engine, which includes multiple layers of automated checks, analytics, and machine learning (ML). OTX is a flexible and free model for sharing and consuming threat intelligence via the platform’s integrations with any security tooling, and its community is growing at a staggering rate.

According to the 2023 CrowdStrike Global Threat Report, cyberattacks are increasingly malware-free and lateral movement within organizations can occur in as little as 84 minutes. To combat this, CrowdStrike offers a comprehensive solution through its Falcon Intelligence platform, which provides high-fidelity intelligence, automated intelligence integrated into SOC workflows, and trusted research reports and alerts. The platform also offers visibility into the dark web to detect and remediate compromised data and brand abuse. The platform enables organizations to increase SOC efficiency, stop imminent threats, and optimize organizational defense strategy. CrowdStrike Falcon Intelligence is operational on Day One, and is cloud-delivered and continuously updated with real-time threat intelligence content.

Mandiant Advantage Threat Intelligence, a module available on the Mandiant Advantage platform, helps organizations across the U.S. recognize the most pressing cyber threats they face. It empowers security teams to be proactive in their approach and adjust their protection strategies by providing insights into threat actors, their techniques, and motivations. The intelligence is curated by over 385 security researchers and intelligence analysts across 29 countries, making it the most extensive collection of frontline intelligence on malicious actors and their tools. The Threat Intelligence is updated consistently and includes access to finished intelligence reports based on Mandiant experts’ strategic analysis, third-party global telemetry, incident response, and technical research findings. Mandiant Advantage Threat Intelligence provides a range of subscription models, including free access to publicly-known actor, malware, and vulnerability trends, and an additional module to assess, prioritize, and remediate vulnerabilities at enterprise scale.

The high volume, variety, and velocity of cyber threat intelligence data often make it challenging for security operations teams to operationalize threat intelligence. The ThreatConnect TI Ops Platform addresses this issue by allowing customers to operationalize intelligence from multiple sources while maintaining fidelity and context. The platform enables faster detection and response by integrating high-fidelity, multi-source threat intelligence into security programs. With flexible automation, intelligence scoring, and reporting capabilities, ThreatConnect helps security teams save time, streamline operations, and improve security effectiveness. According to a Q1 2023 survey, ThreatConnect customers have reported significant improvements in their mean-time-to-respond to threats, tool effectiveness, and CTI analyst efficiency. ThreatConnect serves more than 200 global enterprise customers and integrates with 150-plus security, IT, and business tools. The cloud-native solution is SOC2 Type II certified and backed by PSG, a market-leading investor.