Best Threat Intelligence Software

Threat intelligence software provides organizations with information related to the newest forms of cyber threats like zero-day attacks, new forms of malware, and exploits. Companies utilize the tools to keep their security standards up to date and fit to combat new threats as they emerge. These tools can improve security performance by providing information on threats to their specific networks, infrastructure, and endpoint devices. These products provide information about hazards and how they function, their capabilities, and remediation techniques. IT administrators and security professionals use the data delivered to better protect their systems from emerging threats and plan for possible vulnerabilities. The tools alert users as new threats emerge and provide information detailing best practices for resolution.

Many products, such as security information and event management (SIEM) and vulnerability management software, can integrate with threat intelligence products or provide similar information. Those products, though, tend to provide live updates and actionable intelligence, and focus on other components of a security ecosystem.

To qualify for inclusion in the Threat Intelligence category, a product must:

  • Provide information on emerging threats and vulnerabilities
  • Detail remediation practices for common and emerging threats
  • Analyze global threats on different types of networks and devices
  • Cater threat information to specific IT solutions

Compare Threat Intelligence Software
    Results: 104

    Threat Intelligence reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    The global network of highly skilled researchers and analysts, protecting businesses from known and emerging malware - viruses, rootkits and spyware.


    CylancePROTECT redefines what antivirus can and should do for your organization by leveraging artificial intelligence to detect AND prevent malware from executing on your endpoints in real time.


    Web based threats continue to rise. Symantec saw over 568,000 web threats a day during 2013, an increase of 23 percent over the previous year. Against this ever changing landscape, preventing threats entering through web communications is critical. Symantec Web Security.cloud delivers always-on, advanced malware protection, enforces acceptable use policies, and protects against confidential data loss for businesses looking to protect web use for employees. Support for roaming users extends protection and control outside the corporate network.


    Safeguard your cloud-based email with our industry-leading threat and anti-spam protection for Office 365, Google Apps, and more.


    Alert Logic Threat Manager with ActiveWatch is a cloud-based managed intrusion detection and vulnerability assessment solution.


    FireEye Network Security (NX) solutions protect against known and unknown advanced attacks with the signature-less Multi-Vector Virtual Execution (MVX) engine, conventional intrusion prevention system (IPS) and intelligence-driven detection.


    FortiGate offers a network security platform, designed to deliver threat protection and performance with reduced complexity.


    The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware without relying on signatures.


    Distil Networks protects your website from fraud, brute force attacks, web scraping, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks, and click fraud. Slash the high tax that bots place on your internal teams and web infrastructure by outsourcing the problem to the team with a maniacal focus on blocking malicious bots.

      • Harden your website security by eliminating malicious bots
      • Protect data from web scrapers, unauthorized aggregators and competitors
      • Increase insight and control over human, good bot and bad bot traffic
      • Deploy on the Distil Cloud CDN or Distil Appliance (Physical | Virtual | AWS)

    Distil’s self-optimizing protection blocks 99.9% of malicious bots without impacting legitimate users -- eliminating the manual IP blocking that IT teams used to do.


    McAfee Threat Intelligence Exchange optimizes threat detection and response by closing the gap from malware encounter to containment from days, weeks, and months down to milliseconds.


    Vectra Networks provides an automated threat management solution that monitors internal network traffic to detect in real time active cyber attacks inside networks.


    NNT Change Tracker Generation 7 uses either an agent-based or agentless architecture – the choice is yours. After initial discovery, NNT-Change Tracker scans your devices and compares them to a standard policy. The policy applied will either be user defined or based on an industry standard such as the Center for Internet Security (CIS). Policies can be automatically assigned based on the device type or priority via a centrally managed console. NNT analyses every configurable component within your IT Estate and allows you to define a ‘Known, Good, Secure and Compliant State’ for all of your in scope systems. Once IT systems are rendered ‘Provably Secure, Compliant & Malware Free’, NNT Change Tracker monitors for any deviations to both policy and state. Changes are intelligently categorized as either planned or unplanned and automated threat intelligence feeds provide ultimate reassurance that changes are acceptable and malware free. NNT-Change Tracker is able to fully automate change approval for you, using our unique intelligent change control knowledge base and whitelist. And now you can use the NNT FAST™ (File Approved-Safe technology) Cloud to do just this, in real-time. NNT Change Tracker utilizes a unique change control system known as ‘Closed Loop Intelligent Change Control’. This ensures that what actually changed, matches the expected approved change profile. NNT Change Tracker learns over time, which changes within your environment are normal and which are abnormal and is able to apply threat-based logic to the automation of change approvals. The result is a massive reduction in false positives making the process of both ‘stopping and spotting’ a breach vastly more straightforward. Any configuration drift can also be automatically remediated using the inbuilt remediation kit leveraging CIS or any other policy standard. 
With NNT’s real-time capabilities, unlike traditional scanning or exclusively agentless technologies, potential breaches to systems or policies are spotted immediately.


    ATI software provides enhancements for intrusion protection systems and intrusion detection systems.


    Cisco Talos is a threat intelligence organization dedicated to providing protection before, during, and after cybersecurity attacks.


    DeepSight Intelligence provides resources to make sharper decisions against emerging global threats.


    Sqrrl Enterprise enables the ingest and analysis of disparate datasets to facilitate proactive threat detection, in what's known as cyber threat hunting. Sqrrl's Big Data architecture leverages Hadoop, link analysis, machine learning, data-centric security, and advanced graph visualization technology.


    CapStar Forensics is an analytic platform that complements Wireshark by enabling the syntax and vocabulary in a fully-programmable, stateful way, with a blazingly fast search engine that allows persistent searching.


    Fortinet’s top-rated FortiSandbox provides the on-site intelligence that enables the Fortinet Security Fabric to address the fast moving and more targeted threats across a broad attack surface. Specifically, it delivers real-time intelligence through the automated detection and response to previously unknown malware.

      • Broad Coverage of the Attack Surface with Security Fabric – applies advanced inspection across the top attack vectors of network, email, web infrastructure and even individual endpoints
      • Automated Zero-day, Detection and Mitigation - Native integration and open APIs enable the exchange of objects from, and return of intelligence to, Fortinet and third-party vendor products for immediate threat response
      • Certified and Top Rated - Constantly undergoes rigorous, real-world independent testing and consistently earns top marks such as ICSA ATD Certification and NSS Labs Recommendation for Breach Detection and Prevention.


    SCWX is a cybersecurity company that works to provide an early warning system for evolving cyber threats, enabling organizations to prevent, detect, rapidly respond to and predict cyberattacks.


    Protecting your customers from the latest security threats isn’t an easy task - you need to monitor for threats, intrusions, and vulnerabilities across their infrastructure, take the appropriate action to remediate those threats quickly, and prepare the information needed to demonstrate their compliance to standards set by regulatory governing bodies. SolarWinds® Threat Monitor™ - Service Provider Edition is a fast, scalable, cloud-based platform built to enable security-minded Managed Service Providers (MSPs) with a unified tool to monitor managed networks for threats and analyze logs against the latest and most up to date threat intelligence information from around the globe. For an MSP looking to grow your service offering portfolio, SolarWinds Threat Monitor – Service Provider Edition is the tool you need to detect, remediate, and report on security events for all your managed networks.


    Advanced Threat Analysis is a security solution that combines sandboxing technology, dynamic code analysis, machine learning, and actionable threat reporting.


    Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. GuardDuty also detects potentially compromised instances or reconnaissance by attackers.


    Check Point’s multilayered security technology provides protection against advanced and zero-day cyber threats, preventing attacks, minimizing risks and offering rapid response.


    Check Point offers comprehensive intelligence to proactively stop threats, manage security services to monitor networks and incident response to quickly respond to and resolve attacks.


    Cofense Intelligence uses proprietary techniques to analyze millions of messages daily from a wide variety of sources.


    Digital Vaccine filters help your organization control the patch management life cycle by providing pre-emptive coverage between the discovery of a vulnerability and the availability of a patch as well as added protection for legacy, out-of-support software.


    DomainTools' data and products work in harmony to enable security teams to start getting ahead of attacks, gain context and visibility into potential threats, and lower the skills barrier.


    ET Intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when they have attacked, what methods they used, and what they're after.


    Cloud-based ESET Threat Intelligence closes the gap between the cybersecurity information that security engineers get from their own networks and the cyberspace intelligence that ESET collects worldwide.


    Falcon X™ automates the threat analysis process and delivers actionable intelligence and custom IOCs specifically tailored for the threats encountered on your endpoints.


    FireEye Threat Intelligence anticipates and responds to cyber attacks.


    Flowmon Networks provides a solution that helps companies to enhance performance of their networks and secure them against modern cyber threats.


    IBM Security X-Force Threat Intelligence is a security solution that adds dynamic Internet threat data to the analytical capabilities of IBM QRadar Security Intelligence Platform.


    Intrusion Prevention (IPS): protect against known, unknown, and undisclosed vulnerabilities in the network.


    OPSWAT is a cyber security software company that provides solutions to secure and manage IT infrastructure.



    Ridgeback is an enterprise security software platform designed to defeat malicious network invasion in real time.


    Everyone uses the internet, both the good guys and bad guys. RiskIQ catalogs, maps, and enriches the structure of the internet to let you take charge of your digital presence and combat threats to your organization. Our four key products that make up our Digital Threat Management suite include RiskIQ Digital Footprint, External Threats, PassiveTotal, and Security Intelligence Services.


    SolarWinds Risk Intelligence makes it concrete by assigning value to your data vulnerability, helping you build a strong business case for data protection and triage the most important problems to tackle.


    InfoArmor VigilanteATI is a feature-rich, comprehensive solution delivering actionable, targeted threat intelligence with context that alerts you to the potential impact of attacks before they become a direct or peripheral risk to your organization. We search the dark web for chatter from bad actors, analyze threat data and offer a scalable solution that keeps your business assets safe from both current and emerging threats. VigilanteATI provides the necessary comprehensive advanced threat intelligence to effectively reveal the "who, what, why, when and how" to defend against past, present and future global cyber threats.


    AbuseSA is a feed-agnostic threat intelligence platform that secures your network from external threats.


    Acalvio provides Advanced Defense solutions using a combination of Distributed Deception and Data Science technologies that allow security practitioners to detect, engage and respond to malicious activity with high precision in a timely and cost-effective fashion.


    Gathering targeted and actionable intelligence, Argos pools both technological and human resources to generate real-time incidents of targeted attacks, data leakage and stolen credentials compromising your organization.


    BlueVoyant Threat Intelligence monitors your company’s external attack surface, assesses emerging risks, and delivers near real-time, actionable intelligence that is specific to your organization.


    CAWS seeks out, captures, and analyzes live threats in the wild, in real time.


    The Telesoft CERNE combines a high rate 40Gbps IDS engine with automated record of relevant network traffic for real-time and historical threat investigation. CERNE continuously scans and collects all network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event.


    Check Point Infinity is the only fully consolidated cyber security architecture that provides unprecedented protection against Gen V mega-cyberattacks as well as future cyber threats across all networks, endpoint, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security.


    Corvil transforms network data into streaming machine-time intelligence to run business with full transparency, assured performance, and continuous cyber surveillance of users, infrastructure, applications, and services.


    CTX/Soltra Edge leverages the open industry standards of STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) to collect threat intelligence from various sources and convert it into the industry-standard language, revealing information that helps firms make decisions on what actions they need to take to help users better protect their organizations against cyber threats.


    NC4's Cyber Defense Network (CDN) is designed to help our nation's critical infrastructure communities and private sector companies defend themselves against cyber threats with greater efficiency, effectiveness and speed.


    DeceptionGrid automates the deployment of a network of camouflaged malware traps that are intermingled with your real information technology resources.


    Inspired by the brain's natural ability to learn, Deep Instinct is the first successful application of deep learning to cybersecurity. Deep Instinct's neural network's powerful deep learning algorithms instinctively identify and block zero-day and advanced persistent threats in real time on any device, platform and operating system.


    Detect, learn and predict fraudulent activity using behavioral analysis and machine learning. DetectTA analyzes user behavior and sends alerts on any deviations from established regular behavioral patterns. This cutting-edge machine intelligence can be combined with user-defined analytics, rules, policies, and workflows for comprehensive coverage and flexibility.


    DigitalStakeout discovers threats & vulnerabilities to people, places & things through mining social media, deep web & dark web.


    Combining comprehensive coverage, unique detection and intelligence, and automated takedown, Digital Threat Protection offers a unique approach to combat attacks from the beginning, enabling organizations to focus on the future, not the fear of fraud.


    DNIF utilises threat intelligence in the best way possible. It provides that ‘extra’ information that every analyst craves. You can not only segregate the blacklisted IPs but also get additional context about your incoming logs through the ‘Enrichment’ feature. The DNIF Threat Intelligence tool also scans applications against dedicated threat intelligence sources and distinguishes whether they are malicious or not. This in-depth analysis helps you identify security threats, make informed decisions and maintain security in your organisation. DNIF provides complete and unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Use cases:

      • Detecting malicious applications using VirusTotal
      • Detecting malicious applications using Kaspersky
      • Detecting malicious domains using DomainTools


    Edgewise Protect reimagines network security to protect where firewalls fail. Machine learning makes protection as easy as one click, while dramatically raising the cost and complexity for the attacker.


    Endgame Platform is an endpoint security platform that prevents all device compromise, stops ongoing attacks, and automates the hunt for the next generation of attacks.


    ENSIGN uses a patent-pending high-performance implementation of decomposition algorithms from the mathematics of multilinear algebra to enable the unsupervised discovery of subtle undercurrents and deep, cross-dimensional correlations within these structures.


    The Exabeam Security Intelligence Platform provides organizations of all sizes with comprehensive, end-to-end detection, analytics, and response capabilities from a single security management and operations platform.


    The CrowdStrike Falcon® platform has revolutionized security through the innovative use of the cloud to deliver protection to customers across the globe.


    FireMon is the No.1 Intelligent Security Management solution provider, combining advanced automation and analysis to deliver next-generation security intelligence to enterprise organizations, government agencies and managed security providers. The FireMon product suite enables network security and operations teams to more effectively manage their security infrastructure.

    Security Manager: FireMon Security Manager provides continuous visibility into and control over network security devices and policies in large enterprise environments. Through web-based KPI dashboards, traffic flow analysis and network access mapping, the platform proactively delivers the intelligence IT security, network and compliance teams need to optimize their network device configurations, monitor and validate compliance and review and make policy changes. The addition of the following add-on modules expands the capabilities of Security Manager to include workflow automation and risk analysis.

      • Policy Planner automates change workflows and gives firewall administrators the necessary tools to evolve policy and protection over time. This web-based module collects user requirements, recommends rule changes, provides detailed risk assessment of requested changes and supports full system audits and verification. Policy Planner uses the BPMN standard, integrating with existing business-process tools and enabling communication throughout the change process.
      • Policy Optimizer automates the rule review and recertification process. With Policy Optimizer, IT teams can identify troublesome rules, understand why they were created and determine if they remain relevant. The automated workflow generates event-driven or ad hoc rule review, validates rule justification with the policy owner and quantifies the risk of the requested changes so they do not impact service.
      • Risk Analyzer reduces risk by proactively analyzing your network infrastructure, then simulating how attackers might gain access through vulnerabilities in business assets. Risk Analyzer allows IT teams to quickly assess the impact of a potential attack, where multiple exploits can be used in combination and how prepared network defenses are to defeat an attack.

    Immediate Insight: Immediate Insight from FireMon is real-time security analytics software that brings the speed and simplicity of a search engine to data analysis and discovery. It merges machine learning, correlation and natural language in a simple, workflow-centric interface to reveal relationships in the data that users may not have even known to look for.


    Going beyond malware protection, F-Secure provides end-point protection and security management solutions. Developed in Europe for businesses around the globe.


    The GigaSECURE Security Delivery Platform is a next-generation network packet broker focused on threat prevention, detection and analytics. The right tools get the right traffic at the right time, every time.


    Apply artificial intelligence to accelerate incident analysis and rapidly respond to threats.


    Identity Guard, created by Intersections Inc., is a trusted provider of award-winning identity theft protection products for consumers and business clients.


    Imperva Attack Analytics correlates and distills thousands of security events into a few readable security narratives. The solution employs artificial intelligence and machine learning to simplify application security event investigations, enabling IT organizations to mitigate and respond to real threats quickly and decisively.


    Imperva CounterBreach uses machine learning and analytics to identify suspicious data access and prioritize threats.


    Imperva ThreatRadar Reputation Services identifies and filters out the traffic coming from known bad actors trying to access your websites, mobile applications and APIs.


    Orchestration and automation to accelerate your teams and tools


    iTrust provides cybersecurity risk ratings and risk intelligence to help businesses build trusted relationships with their vendors, partners, and suppliers. iTrust collects and analyzes third-party risk metrics using machine learning to deliver 360 vendor security and compliance visibility. iTrust is designed to be the world's most intelligent cyber risk rating and threat intelligence platform.


    Ixia Application and Threat Intelligence offers continuous real-time data feeds to ensure current application and threat intelligence at all times.


    Founded to address the technology gaps that restrict security modernization efforts, JASK is revolutionizing security operations to reduce organizational risk and improve efficiency through technology consolidation, enhanced AI and machine learning.


    Insights allows you to secure and manage any vulnerabilities, compliance and operational risk that may arise from using open source components.


    NC4 Mission Center is a Managed Service solution that gives public and private sector organizations a highly secure, web-based platform for secure communication and collaboration for cyber threat intelligence sharing. With over ten years' experience in developing "need-to-know", "need-to-share" based solutions, NC4 Mission Center brings dispersed organizations flexible, compartmented data sharing environments configured with effective collaborative tools and functionality required for exchanging critical information. NC4 Mission Center is powerful enough to handle a mission with hundreds of thousands of operational users spanning organizational and geographic boundaries, but easy enough to use for everyday collaboration.


    Provides a custom-fit SIEM-as-a-Service on top of our award-winning unified SIEM platform, EventTracker


    Powered by XGen security, Trend Micro Network Defense goes beyond next-gen IPS to provide a blend of cross-generational techniques that apply the right technology at the right time to deliver integrated detection and prevention of known, unknown and undisclosed threats.


    Enable your organization to uncover risky user behavior in real-time, investigate incidents, and prevent data exfiltration


    Optiv Security Intelligence provides insights needed to understand adversaries and threat environment.


      • Measure - Picus tells you your security effectiveness right now, including all emerging threats.
      • Categorize - Picus helps you prioritize your security resources to where you need them the most.
      • Monitor - continually assess your resilience to threats.
      • Alarm - Picus sends alarms for the situations where your security risk increases.


    Plurilock delivers preventative, instantaneous, and continuous solutions for insider threats and regulatory compliance.


    Proofpoint Premium Threat Information Service provides deeper understanding of the ongoing threat landscape and your organization's place in it, enabling you.


    The ProtectWise Grid is changing the way humans interact with security with one of the largest security data sets ever created and analyzed. It captures traffic - flows, metadata and packets - analyzes it in real time, retains it indefinitely, and visualizes it for immediate and effective detection and forensics.


    Pulsedive is a brand-new analyst-centric threat intelligence platform that can provide users with comprehensive community threat intelligence to help identify known threats. Pulsedive is currently consuming over 40 OSINT feeds, equating to over one million IPs, domains, and URLs that are searchable for free at https://pulsedive.com. A dedicated solution is available for enterprise customers who want to consume vendor threat intelligence and manage their internal and private data without sharing to the community.


    Risk Ident offers anti-fraud solutions for companies within e-commerce and financial sectors.


    Secuirt Intelligence Platform is a security solution with powerful and integrated capabilities.


    The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network, revealing exactly which devices and users are compromised.


    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their ecosystems through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside-in perspective, the same way a hacker would. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Web, Application Security, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Credentials, DNS Health, Endpoint Security, IP Reputation and Cubit Score.


    As businesses evolve, so do fraudsters. That's why Simility provides adaptive fraud prevention that grows with you. Simility's flexible platform ingests data sources in the public, private cloud or onsite. Plus, you can easily add new sources (whether structured, unstructured, or data lakes) as you grow. Without having to write any code, your analysts can quickly identify evolving fraudulent tactics across silos and create appropriate rules, thanks to a powerful combination of human intelligence with Simility's self-optimizing machine-learning models. Simility helps you stop fraud in real-time while providing greater fraud intelligence with fewer false positives. Learn more at www.simility.com.


    SNYPR is a security analytics platform that transforms big data into actionable security intelligence.


    The new Soltra Edge® v2.11 release, which became available on October 3, brings all the powerful capabilities that have come to make Soltra Edge the most widely used Cyber Threat Communications Platform for two-way sharing of cybersecurity information.


    Spotlight Secure Threat Intelligence Platform links security intelligence to policy enforcement for rapid protection against advanced threats.


    Anomali offers a comprehensive suite of Threat Intelligence solutions for organizations of any size.


    strixus is a deep web monitoring engine for cyber and brand threats.


    SurfWatch Threat Analyst is an easy-to-use SaaS product that delivers strategic and operational threat intelligence to help organizations identify adversarial opportunities for attack and proactively mitigate cyber risks.


    Prevent, not just detect, advanced threats using scalable inline malware protection and real-time threat intelligence


    TDAC (Telesoft Data Analytics Capability) is a cost effective, field-proven ultra-high-rate monitoring, analytics and forensics platform. TDAC ingests and analyses millions of events per second, including network flow data, IDS alerts and system logs, enhancing data with known threat intelligence (including IP reputation, threat classification, geo-location), partitioning and pre-analysing data for rapid sub-second query by Incident Response and Forensics teams.


    ThreatConnect is an in-platform analytics and automation solution.


    ThreatQuotient is a threat intelligence platform designed to enable threat operations and management and arm your analysts with the intelligence, controls and automation required to protect your business, employees and customers.


    TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.


    Uplevel is the first intelligent cybersecurity system powered by graph-based machine learning. Our platform centralizes and contextualizes security data to provide the insights required for an efficient, powerful response.


    Veriato Log Manager is software that provides reporting and consolidation tools for Windows server event logs, Syslog, or even text log files.


    Veriato Recon is software for insider threat detection. It combines machine learning and advanced statistical analysis to uncover indicators of compromise that traditional preventative security measures miss.


    Wapack Labs is a cyber intelligence operation designed to monitor and report on threats to IT, key personnel and investments in dozens of venues, and make that data available in both human and machine readable formats.