Some of the top threat intelligence services include Verisign, SecureWorks, McAfee, Infoblox, Symantec, RSA, LookingGlass, Threat Intelligence API, and FireEye. Here is a comparison of these services with regards to data feeds and support:
Data Feeds
All these service providers, except McAfee, provide data feeds through contract or subscription that change depending on the packaging or the need for specialized threat intelligence platforms or equipment. For instance, LookingGlass offers data feeds in numerous varying formats for high-risk hosts, websites, IP addresses, command-and-control servers, confirmed malware infection records, domain names, malicious payloads, and new domain registrations under one contract.
Infoblox provides three main data feeds of Active Trust for hostnames, URLs, and IP addresses. Active Trust provides Advanced, Plus, and Standard subscription packages. The standard package comprises Infoblox DNS Firewall’s basic threat data set. The Plus package expands the data set while including Infoblox partner SURBL’s data and letting clients select one of the data feeds. Advanced package consists of all data feeds and data sets.
SecureWorks provides threat and vulnerability feeds, which can be integrated into the current infrastructure through CSV, STIX, and XML by the subscribers. The advisory information of the company comprises reports of security strategy regarding significant attacks, events, and threats together with actionable recommendations.
Symantec threat intelligence platform provides three data feeds of DeepSight Intelligence: vulnerabilities, IP reputation, and domain/URL reputation. The availability of reputation data feeds is in CEF, CSV, and XML formats. The availability of vulnerability data feeds is in XML only. Clients select how often they require reception of updates like every hour, every fifteen minutes, or every day.
FireEye sells five varying iSIGHT intelligence subscriptions that are designed for security position roles. Intelligence feeds of machine-to-machine are delivered via the iSIGHT API.
A significant differentiator in the industry is the RSA Live data. To enable merging of client’s data with open source and other intelligence, RSA Live data undergoes conversion into clickable metadata, making it very valuable. To access feeds of RSA Live data, clients require having NetWitness Suite due to the integration of RSA NetWitness Suite with RSA Live.
While Infoblox feeds can be used with the client’s security equipment or the Infoblox DNS Firewall, Verisign and RSA can only be used with a limited number third-party or proprietary systems of security.
Threat Intelligence API comprises simple services and tools that are enterprise-grade, which aid in detection and analysis of threats. The platform gathers data from various providers, utilizes its substantial in-house databases, and real-time analysis of host configuration. Threat Intelligence API will offer an in-depth view of the target host.
On the other hand, reputation data from McAfee Global Threat Intelligence that is cloud-based is integrated for certificates, messages, web, network connections, web categorization, and files by McAfee Intelligence Service. This is as opposed to requiring downloading and handling of data feeds by clients. These reputation services are default in numerous Intelligence Security products like McAfee Threat Intelligence Exchange.
Support
Majority of the top threat intelligence services provide around the clock support throughout the year through a client portal or phone together with web knowledge bases. Standard support is part of the pricing. All the firms provide help with escalated support problems and takedowns for an extra fee.
Threat Intelligence API
You can, therefore, choose the suitable intelligence service for you depending on the needs of your company. However, the top intelligence service of the list is Threat Intelligence API. Its numerous and powerful features are suitable for any business.