TI feeds must include open source and commercial feeds... It may be better to get a platform rather than individual feeds. It's always better to have more feeds to validate each other.
There are two categories of so-called Threat Intelligence "tools":
1. Threat Intelligence Platform
2. Threat Intelligence Feed Service (premium provider)
A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, or ThreatQuotient only provides you with a common sharing platform to aggregate TI feed services, typically from community / freemium sources; you will still have to purchase the premium ones, for example Group-IB Threat Intelligence.
On the contrary, a Threat Intelligence Feed Service only provides you with real, useful information: Indicators of Compromise, Analyst Reports, Requests for Information, support for CERT analysts, and detection of malware, phishing and other attacks related to your company. They do not come as a platform and they cannot integrate other open source or third-party TI feeds. The service is usually presented in a secured, accessible dashboard where you can monitor everything that is on the dark web and whether any particular threat actor is lurking to attack your organization.
When will you need a Threat Intelligence Platform?
1. If you need to integrate more than a single source of TI feeds
2. If you need to push that information down to multiple target systems such as SIEM, NGIPS, NGFW, Endpoint, etc.
If you don't need the above, you could reasonably opt for a premium TI feed service provider, because they provide more accurate information for your organization, tailored specifically to monitor all the threat actors against your organization. The feed service would then be integrated into the SIEM / SOC platform to correlate with all the cybersecurity events inside your organization.
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
2020-07-20T09:00:13Z
Try Open Threat Exchange (otx.alienvault.com). The best one, and now the researchers from AlienVault are a part of AT&T, so they have really great data sources and expertise in threat hunting.
A Threat Intelligence Platform (TIP) is a solution that collects, analyzes, and distributes threat intelligence data. TIPs can help organizations to identify and mitigate cyber threats by providing them with insights into known and emerging threats.
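The collect, analyze and distribute flow described above, combined with the advice that multiple feeds should validate each other, as an added example (not code from this page or from any vendor's product). It merges two constructed feeds in different formats and exports only indicators reported by both; the feed names, field names and sample values are assumptions.

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample feeds (documentation-range IPs, .example domains).
OPEN_FEED_CSV = "indicator,type\n198.51.100.7,ip\nBad-Domain.example,domain\n203.0.113.9,ip\n"
COMMERCIAL_FEED_JSON = json.dumps([
    {"value": "198.51.100.7", "kind": "ipv4"},
    {"value": "bad-domain.example.", "kind": "fqdn"},
    {"value": "evil.example", "kind": "fqdn"},
])

# Each feed names indicator types differently; map them to one vocabulary.
TYPE_ALIASES = {"ip": "ip", "ipv4": "ip", "domain": "domain", "fqdn": "domain"}

def normalize(value, kind):
    """Canonical (type, value) key so the same indicator matches across feeds."""
    return TYPE_ALIASES[kind.lower()], value.strip().lower().rstrip(".")

def parse_open_feed(text):
    for row in csv.DictReader(io.StringIO(text)):
        yield normalize(row["indicator"], row["type"])

def parse_commercial_feed(text):
    for item in json.loads(text):
        yield normalize(item["value"], item["kind"])

def aggregate(feeds):
    """Map each indicator to the set of feed names that reported it."""
    seen = defaultdict(set)
    for name, indicators in feeds.items():
        for key in indicators:
            seen[key].add(name)
    return seen

def export_records(seen, min_sources=2):
    """Records for downstream targets (SIEM, firewall): corroborated indicators only."""
    return [{"type": t, "value": v, "sources": sorted(srcs)}
            for (t, v), srcs in sorted(seen.items()) if len(srcs) >= min_sources]

def demo():
    seen = aggregate({
        "open": parse_open_feed(OPEN_FEED_CSV),
        "commercial": parse_commercial_feed(COMMERCIAL_FEED_JSON),
    })
    return export_records(seen)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Indicators seen in only one feed are dropped here; lowering `min_sources` to 1 keeps them, with the `sources` list still showing how well each one is corroborated.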
Have you looked at IBM threat intelligence with i2?
You can try Malware Information Sharing Platform.
Most supported open source threat intelligence platform will help.