Introduction
As cyber attacks grow in frequency, sophistication and impact, having an accurate, up-to-date view of the external threat landscape has become mission critical for security operations. Threat intelligence solutions aggregate and analyze indicators from a wide variety of open and dark web sources to provide early warning of emerging threats and attribute them to known adversaries. In this blog, we examine 15 of the most trusted threat intelligence vendors based on reputation, features, pricing and other factors to help you choose the right intelligence partner.
Methods of Evaluation
To determine the top 15 threat intelligence vendors for this list, we evaluated each company based on the following criteria: brand recognition and reputation in the industry, capabilities and effectiveness of the intelligence collected, number of integrations with other security technologies, customer reviews and ratings, backlink profile and search traffic for the company domains. Additional weight was given to companies that provide context around threats along with indicators, attribution of threats, and pricing and packaging flexibility to meet different budgets and team sizes.
1. Symantec
Symantec Enterprise Cloud is an integrated cyber defense platform from legacy security vendor Symantec. The platform integrates network, endpoint, email and cloud security solutions along with advanced threat intelligence capabilities.
Pros: Key advantages of Symantec Enterprise Cloud include:
– Strong brand recognition and legacy in the cybersecurity industry.
– Highly integrated platform combining network, endpoint, email and cloud protection.
– Breadth of threat intelligence captured through network and endpoint monitoring solutions including the BlueCoat acquisition.
Cons: A potential disadvantage is that, as a large legacy vendor, Symantec may not be as nimble or innovative as newer, born-in-the-cloud companies in certain areas like cloud security and threat hunting.
Pricing: Pricing for Symantec Enterprise Cloud varies based on the number of users and workloads protected. Existing Symantec customers may receive preferential pricing when upgrading existing deployments to the integrated cloud platform.
Some key stats about Symantec Enterprise Cloud include:
– Protects over 50 million endpoints globally.
– Monitors over 600 petabytes of web, email and cloud traffic daily.
– Threat Intelligence database contains over 1.5 billion unknown files under continuous analysis.
2. F-Secure
F-Secure is a cyber security company based in Helsinki, Finland. Founded over 30 years ago in 1988, F-Secure is considered a veteran in the cyber security industry with a worldwide presence. Their threat intelligence platform utilizes reputation data and detection of malware families to protect against emerging threats.
Pros: Some key advantages of F-Secure’s threat intelligence include:
– Worldwide cyber security veteran with deep threat research expertise
– Broad malware detection capabilities through reputation data and malware family detection
– Protects users and devices globally with an international presence
Cons: One potential disadvantage is that, as a larger, more established company, F-Secure may not be as quick to market with threat intelligence on newly emerging threats as smaller and more nimble competitors.
Pricing: F-Secure offers both free and paid threat intelligence APIs and feeds. Paid plans start at $99/month for standard access and scale up based on data volume and customization needs.
Some key stats about F-Secure’s threat intelligence capabilities include:
– Over 30 years of cyber security experience and threat research
– Protects over 100 million users globally
– Analyzes over 5 billion reputation lookups per day
– Detects over 250,000 new malware samples per day
3. Palo Alto Networks
Palo Alto Networks is a cybersecurity company known for its next-generation firewalls and Cortex XSOAR platform. One of its offerings is Cortex Data Lake, a threat intelligence platform that helps organisations gain valuable insights from logs, indicators and other internal and external data sources. Cortex Data Lake uses machine learning and AI to uncover hidden threats and provides context around indicators of compromise.
Pros: Some key advantages of Cortex Data Lake include:
– Access to a vast pool of high quality threat intelligence curated by Palo Alto Networks.
– Seamless integration with Palo Alto firewalls and Cortex XSOAR for automated response.
– Advanced analytics capabilities using machine learning and AI to uncover hidden threats.
Cons: One potential disadvantage is that it may not be the most cost effective option for those with no existing Palo Alto infrastructure due to vendor lock-in.
Pricing: Pricing for Cortex Data Lake depends on the number of supported devices and varies based on the type of license. Generally enterprise license fees start at tens of thousands of dollars per year.
Some key stats about Cortex Data Lake include:
– Processes over 40 billion events per day from customer networks and honeypots.
– Has curated threat intelligence on over 750 million IP addresses, file hashes and domains.
– Serves intelligence to over 30,000 customers globally.
– Has over 900 intelligence researchers, data scientists and engineers.
4. FireEye
FireEye is a security software company that provides products and services around threat intelligence and cybersecurity. Founded in 2004, FireEye pioneered the market for threat intelligence and its flagship product Mandiant Solutions uses intelligence to power incident response services and the FireEye Helix security platform.
Pros: Some key advantages of FireEye’s threat intelligence include:
– Unmatched library of threat actor reports, campaigns and zero days from almost 20 years in the business
– Intel fuels Mandiant consulting services and full spectrum XDR protection
– Continues setting the benchmark for threat research and actively contributes to growing the overall security knowledge pool
Cons: One potential disadvantage is the cost, as FireEye primarily targets enterprise customers and its threat intelligence likely requires a subscription rather than being free.
Pricing: FireEye sells its threat intelligence and security products via a subscription model. Pricing is tailored to the individual customer but generally starts in the thousands of dollars per year range for standalone intelligence feeds. Larger security packages including Mandiant Advantage or FireEye Helix platform start in the low five figures annually.
Some key stats about FireEye’s threat intelligence capabilities include:
– Over 1,300 threat researchers collecting intelligence from over 500 million sensors globally each day
– Library of over 250,000 threat samples and over 100,000 reported incidents
– Has responded to over 6,300 security incidents including many high profile breaches
5. UpGuard
UpGuard is a threat intelligence and third-party risk management platform founded in 2013. Based in San Francisco, UpGuard monitors millions of companies and billions of data points daily across the open web and dark web to provide cyber risk ratings and attack surface management capabilities to its customers. Their patented BreachSight technology continuously monitors for data breaches across companies and the dark web to detect compromises early.
Pros: Some key advantages of UpGuard include:
– Continuous external monitoring of your organization’s attack surface across the open web and dark web
– Cyber risk quantification through a proprietary risk rating algorithm
– Third party risk assessment and monitoring of your entire supplier ecosystem
– Early detection of data breaches through BreachSight technology
Cons: One potential disadvantage is that advanced capabilities like breach monitoring require an enterprise subscription.
Pricing: UpGuard offers free limited access for individuals and pricing starts at $2,000/month for professional access and attack surface monitoring. Enterprise offerings with BreachSight integration and unlimited users start at $10,000/month.
Some key stats about UpGuard include:
– Monitors over 50 million domains and organizations daily
– Tracks over 5 billion data points across the public internet
– Assesses third party risk for over 1 million known supplier and vendor organizations
6. Cybereason
Cybereason is a leading cybersecurity company known for its endpoint protection, detection and response solution. Founded in 2012, Cybereason is based in Boston and has over 2,000 customers worldwide. Its flagship product, the Cybereason Defense Platform, leverages artificial intelligence and machine learning to autonomously prevent, detect and respond to cyber attacks across endpoints, users and the entire enterprise network.
Pros: Some key advantages of the Cybereason Defense Platform include:
– Combines endpoint prevention, detection and response with adversary-focused threat intelligence
– No-Elimination algorithm actively hunts for threats across the network
– Unified AI-driven XDR platform provides complete visibility across all points of entry
Cons: One potential disadvantage is that, as a full-stack XDR solution, it may be overkill for some organizations with simpler security needs. However, its comprehensive capabilities make it highly effective against even the most sophisticated cyber attacks.
Pricing: Cybereason offers flexible pricing options depending on needs. For the Cybereason Defense Platform, typical annual subscription costs range anywhere from $3 to $6 per endpoint. The company also offers free trials and product demos to evaluate the solution.
Some key stats about Cybereason include:
– Processes over 100 billion security events per day across customer environments
– Has detected and stopped over 200,000 attacks
– Deployed worldwide across numerous industry verticals including finance, energy and manufacturing
7. Vectra
Vectra is a leading provider of threat detection and response technologies. Founded in 2010, Vectra has pioneered the use of AI and machine learning in cybersecurity to detect hidden threats within user and IoT behavior. Their flagship product, Cognito, uses deep learning models and a massive cloud-based dataset to safely and securely detect cyberattacks in real time without personally identifiable information.
Pros: The key advantages of Vectra include: best integrated solution with automated investigation and prioritization; advanced AI algorithms for detecting hidden threats within user and IoT behavior; tight integration with major SIEMs, SOCs and XDR/MDR providers.
Cons: One potential disadvantage is that Vectra requires deployment of network sensors/probes in order to monitor network traffic, which adds complexity compared to solely agent-based solutions.
Pricing: Vectra offers flexible pricing based on the number of protected endpoints. Prices start at $5 per endpoint for the Essentials plan and scale up based on additional features and support required.
Some key stats about Vectra include:
– Protects over 1,500 enterprises globally across all major industries
– Analyzes over 150 billion anomalies per month across more than 40 million endpoints
– Maintains an accuracy rate of over 99% with less than 1% false positives
8. ZeroFox
ZeroFox is a threat intelligence platform that helps organizations monitor for digital risks and threats outside of their security perimeter. Founded in 2013, ZeroFox uses a combination of machine learning, AI and human analysis to protect organizations from brand abuse, data exposures, fake accounts and coordinated disinformation campaigns.
Pros: Some key advantages of the ZeroFox platform include:
– Monitoring of brand abuse, data exposures and fake social profiles across a wide variety of online sources
– Dark web monitoring to identify organization or customer sensitive data and credentials that are being sold illegally
– Social media analysis capabilities to help identify coordinated disinformation campaigns targeting the organization
Cons: One potential disadvantage is that the ZeroFox platform requires significant data sources and a significant online footprint to be truly effective. It may not be as useful for smaller organizations or those with limited online presence or brand value to protect.
Pricing: ZeroFox offers flexible subscription pricing plans based on the number of monitored online locations and types of risks protected against. Contact ZeroFox sales for a customized quote tailored to your unique needs and security objectives.
Some key capabilities of the ZeroFox platform include monitoring of over 500 online platforms and data sources, detection of over 500 million digital risks per day, protection of over 250 global brands, and coverage of 75 languages.
9. ThreatConnect
ThreatConnect is a leading provider of cyber threat intelligence and security orchestration tools. Founded in 2007 and headquartered in Austin, Texas, ThreatConnect helps organizations gain insight into adversaries through threat intelligence capabilities and manage risks through integrated security orchestration. Drawing on insights from over 250 cybersecurity organizations and agencies, ThreatConnect provides a centralized platform to collect, organize, manage, and share threat data.
Pros: Some key advantages of ThreatConnect include:
– Best visualization and workflow management capabilities to analyze risks and automate response processes
– Advanced correlation engine that brings contextual intelligence to indicators, discoveries, and observations
– Integrates well with major SIEM, SOAR and IT tools like ServiceNow, Splunk and Palo Alto Networks for orchestrated response
Cons: One potential disadvantage is that ThreatConnect has a higher starting price point compared to some other threat intelligence platforms. However, it offers more advanced capabilities that many organizations require for enterprise-level threat intelligence and security orchestration needs.
Pricing: ThreatConnect pricing starts at $5,000 per year for the Standard Edition. Custom pricing is available for the Premier and Ultimate Editions which offer additional features, integrations and support tailored for large security teams. Cloud-hosted SaaS and on-premise installation options are both available.
Some key stats about ThreatConnect include:
– Over 1,500 customers worldwide including Fortune 500 companies and government agencies
– Processes over 4 billion threat indicators per month
– Integrates with over 250 different data sources for threat intelligence
– Built-in workflows to automate security processes and tasks
10. Silobreaker
Silobreaker is a leading threat intelligence platform that leverages open source intelligence (OSINT) to provide organizations deep insights into individuals, companies and their relationships. Founded in 2009 and headquartered in Canada, Silobreaker uses artificial intelligence and graph database technology to automatically extract intelligence from a vast array of online sources to build comprehensive entity profiles.
Pros: Some key advantages of Silobreaker include its powerful AI and graph database that can rapidly uncover relationships between entities that other tools cannot detect. It also provides continual automated monitoring and profiling of entities to keep intelligence up-to-date in near real-time. The platform offers unprecedented speed, allowing users to make more informed decisions faster than competitors.
Cons: As an OSINT focused platform, Silobreaker may not provide the same depth of intelligence as threat intelligence solutions with access to additional private data sources. The free trial version also has limited features compared to the paid tiers.
Pricing: Silobreaker offers various paid subscription plans for individuals and teams starting from $99 per month. Enterprise plans with additional features and customization options are also available based on organizational needs and size.
Some key stats about Silobreaker include indexing over 1 billion entities and relationships with data added from over 75,000 online sources daily. The platform currently has over 20,000 users across industries like financial services, cybersecurity and manufacturing.
11. Skybox Security
Skybox Security is a leading provider of cybersecurity posture management solutions. Founded in 2002, Skybox offers products for vulnerability management and network security policy management. Their flagship product, Skybox Security Suite, uses machine learning and graph analytics to help organizations assess security vulnerabilities and prioritize the most critical exposures.
Pros: Some key advantages of Skybox Security Suite include:
– Focuses heavily on vulnerability management with attack path analytics using machine learning to simulate real attacker behavior.
– Maps exploits to indicators for proactive detection and prioritization of threats based on the highest risk attack paths.
– Provides a centralized view of vulnerabilities, misconfigurations, and threats across hybrid networks.
Cons: One potential disadvantage is that Skybox Security Suite is an enterprise-level product suited more for large organizations versus small to medium-sized businesses due to its price and infrastructure requirements.
Pricing: Pricing for Skybox Security Suite is not publicly listed but is available through an enterprise sales representative. Typical pricing models include annual subscriptions based on number of IP addresses under management, number of users, and additional support/services options.
Some key stats about Skybox Security Suite include:
– Assesses over 60,000 vulnerabilities and risks per day for large enterprise networks.
– Has identified over 8 million attack paths across customer environments.
– Ranks in the Leaders category of Gartner’s Magic Quadrant for Vulnerability Assessment Tools for the last 4 years.
– Protects over 300 million addressed assets for both commercial and government organizations globally.
12. IntSights
IntSights is a leader in cyber threat intelligence. As the only all-in-one external threat protection platform, IntSights helps enterprises protect against threats outside the traditional security perimeter. IntSights continuously monitors the deep, dark and open web to gain visibility and contextual understanding of adversaries.
Pros: Some key advantages of IntSights include:
– Specialized in weaponization detection, botnet tracking and emerging threats
– Continuously mapping adversary groups, malware families and infrastructure
– Focus on integrating external data with internal context for the most accurate view of threats facing organizations
Cons: One potential disadvantage is that ongoing maintenance and support requires dedicated resources from the customer.
Pricing: Pricing for IntSights is available upon request and depends on factors like the size of the organization, scope of deployment and custom requirements. Generally it is offered as an annual subscription with pricing ranging from $50,000 to $500,000 per year.
Some key stats about IntSights:
– Monitoring 2+ billion devices and endpoints on the open and dark web daily
– Tracking 900+ threat actors and 850+ families of malware
– Discovered over 180,000 command and control servers and botnets used by threat actors
– Continuously mapping new emerging threats facing enterprises before they materialize into attacks
13. SparkCognition
SparkCognition builds AI-powered software platforms designed to help organizations proactively defend against cyber threats. Their flagship product, DeepArmor, leverages deep learning and other AI techniques to automate and enhance cyber threat detection, response, and remediation. DeepArmor ingests and analyzes massive streams of security data from a variety of sources to uncover advanced threats that would normally evade detection by traditional security tools.
Pros: Some key advantages of DeepArmor include:
– Leverages AI and machine learning for predictive cybersecurity applications including threat modeling.
– Partnerships bring networked video/IOT intelligence into analysis to detect threats across different systems.
– Automates threat detection and response at scale to keep up with the constantly evolving threat landscape.
– Proactively hunts for unknown threats that would evade signature/rules-based detection.
Cons: One potential disadvantage is that, as an AI-powered solution, DeepArmor requires large datasets to train models, which makes initial setup and configuration more involved than some competing products.
Pricing: Pricing for DeepArmor is based on the number of connected devices and volume of data processed. SparkCognition provides quotes for enterprise customers and pricing starts in the low five figures per month depending on the specific deployment size and use cases.
Some key stats about SparkCognition and DeepArmor include:
– Protects over 150 million IoT devices and counting.
– Analyzes over 500 terabytes of security data daily.
– Has detected over 10,000 previously unknown threats using machine learning and AI.
– Partners with network video, smart building, and industrial IoT providers to incorporate additional context into analysis.
14. EclecticIQ
EclecticIQ provides threat intelligence software to help organizations stay ahead of rapidly evolving threats. Their solution leverages unique techniques to automate threat hunting by continuously scanning various web sources to detect relationships between threats and connect the dots. This provides security teams with the most comprehensive view of potential risks.
Pros: Some key advantages of EclecticIQ’s threat intelligence software include:
– Automates threat hunting through continuous monitoring of web sources
– Unique techniques to detect and visualize relationships between dispersed threats
– Seamless integration of new internal and external data sources for cutting-edge insights
– Continuous delivery of intelligence to stay ahead of adversaries’ rapidly evolving tactics
Cons: One potential disadvantage is that the upfront cost may be higher than some other threat intelligence solutions. However, the automated threat detection and comprehensive insights could help offset this initial investment over time.
Pricing: EclecticIQ does not publicly disclose pricing on their website. However, typical enterprise pricing models for threat intelligence platforms include per-user licensing, with discounts available for multi-year commitments. Additional professional services may also be purchased for deployment, custom integrations or training.
Some key stats about EclecticIQ’s threat intelligence platform include:
– Monitoring billions of data points across the surface, deep and dark web daily
– Integrating 50+ internal and external data sources for maximum coverage
– Detecting over 150 million cyber threats per month for customers
15. Awake Security
Awake Security is a threat intelligence platform provider helping enterprises gain visibility into their digital risks. Founded in 2020, the company is based in Boston and has over 500 customers globally including large corporations across various industries. Awake analyzes petabytes of data daily from the public internet, dark web and proprietary sources to provide comprehensive and contextual digital risk intelligence to its customers.
Pros: Key advantages of Awake Security’s threat intelligence platform include:
– Continuously mapping risks within applications, APIs and infrastructure
– Hundreds of techniques detect vulnerabilities before exploitation
– Powerful remediation guidance accelerates fixing critical issues
Cons: One potential disadvantage is that the platform requires significant compute resources and data ingestion, which can lead to higher costs for very large enterprises with tens of thousands of internet-exposed assets.
Pricing: Awake Security offers both free and paid plans for its threat intelligence platform. The free developer plan provides access to basic features. Paid enterprise plans start from $5,000/month, and pricing depends on the number of assets, ingestion volume and additional services required.
Some key stats about Awake Security’s threat intelligence platform include:
– Analyzes over 10 billion data points daily from various sources
– Provides intelligence on over 1 billion devices, services and assets exposed online
– Has identified over 100,000 previously unknown vulnerabilities
Conclusion
The threat intelligence solutions market is highly competitive with many strong contenders. Regardless of which vendor you choose, having access to aggregated external threat data as well as using it to prioritize alerts, automate workflows and harden defenses will significantly boost your security posture in 2023 and beyond. We hope this overview of the top 15 vendors based on our evaluation criteria helps you select the right intelligence platform for your unique needs and environment.