Which Threat Intelligence is best for you? Mandiant, Cisco SecureX, Splunk, Crowdstrike Falcon

More in-depth reviews at: bit.ly/ThreatIntelReviews

A Threat Intelligence Platform helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. A Threat Intelligence Platform can be a cloud or on-premise system to facilitate management of threat data from a range of existing security tools such as a SIEM, firewall, API, endpoint management software or Intrusion Prevention System. The primary purpose is to help organizations understand the risks and protect against a variety of threat types most likely to affect their environments.

Threat intelligence platforms usually utilize two main sources of data. The first is a vendor-supported threat intelligence library. These libraries record all of the existing or known threats, including their signatures, risk factors, and remediation tactics. The second is the business’s existing security stack, which provides the threat intelligence platform with real time data. The platform then analyzes the organization’s data against the repository of known threats and possible signifiers to identify potential or active threats.

A key aspect of threat intelligence platforms are their automation. Leveraging internal and external data sources at high volumes are beyond the scope of any team’s manual analysis. Instead, threat intelligence products use automated policies and AI to identify threats without human intervention. Once it has identified a threat, the tool will alert stakeholders to said threats. This can lead to a higher volume of false positives/noise, but is still more efficient than manually managing and analyzing security data in the first place.

Threat intelligence capabilities can be found in a variety of products. Some vendors have focused on inserting threat intelligence into existing endpoint security and SIEM products. More recent developments in the SOAR space have also emphasized connecting threat intelligence directly to automated remediation actions. There are also a range of point solutions that specialize in deep threat intelligence libraries and robust analytics engines. These point solutions should also be able to integrate easily with the rest of an organization’s security technology stack.

Timestamps
00:00 Introduction
00:31 Mandiant Advantage
01:45 Cisco SecureX
03:05 Splunk Enterprise
04:06 Crowdstrike Falcon Endpoint Detection
05:25 Conclusion

#threatintelligence #splunk #crowdstrike cloud security threat intelligence