Products found: 4
Anomali ThreatStream
SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.
Collect
ThreatStream manages ingesting intelligence from many disparate sources, including:
- STIX/TAXII feeds
- Open source threat feeds
- Commercial threat intelligence providers
- Unstructured intelligence: PDFs, CSVs, emails
- ISAC/ISAO shared threat intelligence
ThreatStream takes raw threat data and turns it into rich, usable intelligence:
- Normalizes feeds into a common taxonomy
- De-duplicates data across feeds
- Removes false positives
- Enriches data with actor, campaign, and TTP
- Associates related threat indicators
ThreatStream integrates with internal security systems to make threat intelligence actionable.
- Deep integration with SIEM, FW, IPS, and EDR
- Scales to process millions of indicators
- Risk ranks threats via machine learning
- Includes Threat Bulletins from Anomali Labs
- Secure, 2-way sharing with Trusted Circles
EclecticIQ Platform
EclecticIQ Platform is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed.
EclecticIQ Platform connects and interprets intelligence data from open sources, commercial suppliers and industry partnerships.
Features: Gather relevant intelligence
- Capture incoming intelligence
- Conduct triage
- Distribute to stakeholders
- Automate feeds into security controls
- Share with communities
- Support STIX and TAXII standards
- Graph with advanced search
- Collaborate with colleagues
- Generate insightful reports
- Create structured intelligence
Threat Intelligence Platform
With our Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. Whether it’s Open Source data from OSINT Feeds, Blogs, or RSS Feeds; or indicators being sent from a threat intel feed provided by an ISAC or Premium Provider, we take that data and add additional context.
Robust integrations with tools like your SIEM, EDR, and firewall pull internally generated logs into ThreatConnect for further enrichment. You’re provided with a place to organize and prioritize the data so you can then use it to drive actions inside and outside of the Platform.
Agnostic and Extensible Integrations for Distributing Information to Other Security Tools
Intelligence collected within our Threat Intelligence Platform has the ability to dictate decisions being made across your technology stack. Send relevant and actionable insights from the TIP to other tools with our wide breadth of integrations and flexible Playbooks. Export Threat Intelligence Reports and share the information with other teams to help your organization stay up to date on relevant threats. Read more about how ThreatConnect helped a customer use relevant threat intelligence here.
Dynamic Intel-driven Automation and Orchestration for Better Decision Making
As additional context and associations are applied to an indicator, you are armed with intelligence that should influence decision making. But, indicators are dynamic and ever changing. And as they change, so should the processes tied to them. With ThreatConnect, intel-driven automation, orchestration, and response gives you the ability to adjust decisions on the fly based on the changes seen in the intelligence that is influencing the process. Your automated processes are made smarter with Playbooks that enable continuous dynamic decision-making.
With ThreatConnect, you are able to centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness all in one place. Make your security operations and analysts more efficient, while providing real-time insights to security leaders to make better business decisions.
With ThreatConnect’s intelligence-driven security operations platform, your team has the ability to leverage threat intelligence, automation, and orchestration directly from one platform. Automation or orchestration informed by threat intelligence makes your pre-existing technology investments and your entire security team — including security operations and incident response — more efficient and more effective.
A complete solution, ThreatConnect enables you to gain visibility into threats and understand their relevance to your organization, as well as increase efficiency with automation, task management, and orchestration. With ThreatConnect, every member of your security team — including leadership — benefits from using the same platform. A centralized system of record, ThreatConnect can measure the effectiveness of your organization with cross-platform analytics and customizable dashboards.
Product Features
- Open Source Feeds
- Ingest Premium Feeds
- Access to CAL™ Data
- TAXII Server
- ThreatConnect Intelligence Source
- Custom Dashboards
- Automated Email Import
- Manage Incidents and Tasks
- Create Threat Intelligence
- Orchestration
- Custom Indicator Types
ThreatQ
To understand and stop threats more effectively and efficiently, your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response.
HOW THREATQ WORKS:
THREAT LIBRARY
Shared Contextual Intelligence
Using ThreatQ as a threat intelligence platform equips you with a threat library that automatically scores and prioritizes threat intelligence based on parameters you set. Prioritization is calculated across many separate sources, both external and internal, to deliver a single source of truth using the aggregated context provided. This removes noise, reduces risk of false positives and enables users to focus on the data that really matters.
- Self-tuning
- Context from external + internal data
- Structured and unstructured data import
- Custom enrichment source for existing systems
ADAPTIVE WORKBENCH
Combine Automation and Human Intelligence for Proactive Detection and Response
Customer-defined configuration and integrations to work with your processes and tools. Customizable workflow and customer-specific enrichment streamline analysis of threat and event data for faster investigation and automate the intelligence lifecycle.
- Consolidated view, unified opinion
- Automatically prioritize based on all sources
- Continuous threat assessment
- Push-button operations using existing tools and processes
- User-specific watch list widget
THREATQ INVESTIGATIONS
The industry’s first cybersecurity situation room
ThreatQ Investigations solves the collaboration and coordination inefficiencies that exist across security operations to accelerate detection and response. As the first cybersecurity situation room, it streamlines investigations and improves active collaboration among and across teams. Team leaders can direct actions, assign tasks and see the results unfold in near real time.
- Fuse together threat data, evidence and users
- Accelerate investigation, analysis and understanding of threats in order to update your defense posture proactively
- Drive down mean time to detect (MTTD) and mean time to respond (MTTR)
- Build incident, adversary and campaign timelines
- Bring your own connectors and tools
- SDK / API for customization
- Standard STIX/TAXII support
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.