Best Threat Intelligence Software

Threat intelligence software provides organizations with information related to the newest forms of cyber threats like zero-day attacks, new forms of malware, and exploits. Companies utilize the tools to keep their security standards up to date and fit to combat new threats as they emerge. These tools can improve security performance by providing information on threats to their specific networks, infrastructure, and endpoint devices. These products provide information about hazards and how they function, their capabilities, and remediation techniques. IT administrators and security professionals use the data delivered to better protect their systems from emerging threats and plan for possible vulnerabilities. The tools alert users as new threats emerge and provide information detailing best practices for resolution.

Many products like security information and event management (SIEM) and vulnerability management software can integrate with or provide similar information as threat intelligence products. Those products, though, tend to provide live updates and actionable intelligence, and focus on other components of a security ecosystem.

To qualify for inclusion in the Threat Intelligence category, a product must:

  • Provide information on emerging threats and vulnerabilities
  • Detail remediation practices for common and emerging threats
  • Analyze global threats on different types of networks and devices
  • Cater threat information to specific IT solutions

Threat Intelligence reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Threat Intelligence Software
Results: 120
G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.

    The CenturyLink Adaptive Threat Intelligence service lifts the burden of appliance maintenance and risk analysis from your shoulders, allowing you to act on threats rather than digging for them.

    The Telesoft CERNE combines a high rate 40Gbps IDS engine with automated record of relevant network traffic for real-time and historical threat investigation. CERNE continuously scans and collects all network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event.

    Cloud Conformity is a cloud infrastructure governance system designed to help you prevent, detect, and correct critical threats to your AWS environments. The Real Time Monitoring product in the Cloud Conformity suite gives organizations visibility of infrastructure changes at the event and user level, combined with alert triggers for threat and remediation notifications for instant awareness and resolution. Leveraging both the CloudWatch and CloudTrail AWS services, the dashboard collects actionable analytics across regions, accounts, and resources. Further, an open source auto-remediation (aka self-healing) function is available for use with high-risk policies.

    Corvil transforms network data into streaming machine-time intelligence to run business with full transparency, assured performance, and continuous cyber surveillance of users, infrastructure, applications, and services.

    CounterMeasures is a web-based risk analysis software from Alion Science & Technology that automates physical/information security assessments and analysis.

    CTX/Soltra Edge leverages the open industry standards of STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) to collect threat intelligence from various sources and convert it into the industry-standard language, revealing information that helps firms make decisions on what actions they need to take to help users better protect their organizations against cyber threats.

    NC4's Cyber Defense Network (CDN) is designed to help our nation's critical infrastructure communities and private sector companies defend themselves against cyber threats with greater efficiency, effectiveness and speed.

    DeceptionGrid automates the deployment of a network of camouflaged malware traps that are intermingled with your real information technology resources.

    Inspired by the brain's natural ability to learn, Deep Instinct is the first successful application of deep learning to cybersecurity. Deep Instinct's neural network's powerful deep learning algorithms instinctively identify and block zero-day and advanced persistent threats in real time on any device, platform and operating system.

    Detect, learn and predict fraudulent activity using behavioral analysis and machine learning. DetectTA analyzes user behavior and sends alerts on any deviations from established regular behavioral patterns. This cutting-edge machine intelligence can be combined with user-defined analytics, rules, policies, and workflows for comprehensive coverage and flexibility.

    DigitalStakeout discovers threats & vulnerabilities to people, places & things through mining social media, deep web & dark web.

    DNIF utilises threat intelligence in the best way possible. It provides that ‘extra’ information that every analyst craves. You can not only segregate the blacklisted IPs but also get additional context about your incoming logs through the ‘Enrichment’ feature. The DNIF Threat Intelligence tool also scans applications against dedicated threat intels and distinguishes whether they are malicious or not. This in-depth analysis helps you identify security threats, make informed decisions and maintain security in your organisation. DNIF provides complete and unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Use cases:

    • Detecting malicious application using VirusTotal
    • Detecting malicious application using Kaspersky
    • Detecting malicious domain using domain tools

    This powerful breach detection solution enables analysts to hunt, analyze and visualize all activity relevant to an IT system threat or breach.

    Edgewise Protect reimagines network security to protect where firewalls fail. Machine learning makes protection as easy as one click, while dramatically raising the cost and complexity for the attacker.

    Endgame Platform is an endpoint security platform that prevents all device compromise, stops ongoing attacks, and automates the hunt for the next generation of attacks.

    ENSIGN uses a patent-pending high-performance implementation of decomposition algorithms from the mathematics of multilinear algebra to enable the unsupervised discovery of subtle undercurrents and deep, cross-dimensional correlations within these structures.

    The Exabeam Security Intelligence Platform provides organizations of all sizes with comprehensive, end-to-end detection, analytics, and response capabilities from a single security management and operations platform.

    The CrowdStrike Falcon® platform has revolutionized security through the innovative use of the cloud to deliver protection to customers across the globe.

    FireEye Helix is an intelligence-led platform designed to simplify, integrate and automate security operations.

    FireMon is the No.1 Intelligent Security Management solution provider, combining advanced automation and analysis to deliver next-generation security intelligence to enterprise organizations, government agencies and managed security providers. The FireMon product suite enables network security and operations teams to more effectively manage their security infrastructure.

    Security Manager

    FireMon Security Manager provides continuous visibility into and control over network security devices and policies in large enterprise environments. Through web-based KPI dashboards, traffic flow analysis and network access mapping, the platform proactively delivers the intelligence IT security, network and compliance teams need to optimize their network device configurations, monitor and validate compliance and review and make policy changes. The addition of the following add-on modules expands the capabilities of Security Manager to include workflow automation and risk analysis.

    • Policy Planner automates change workflows and gives firewall administrators the necessary tools to evolve policy and protection over time. This web-based module collects user requirements, recommends rule changes, provides detailed risk assessment of requested changes and supports full system audits and verification. Policy Planner uses the BPMN standard, integrating with existing business-process tools and enabling communication throughout the change process.
    • Policy Optimizer automates the rule review and recertification process. With Policy Optimizer, IT teams can identify troublesome rules, understand why they were created and determine if they remain relevant. The automated workflow generates event-driven or ad hoc rule review, validates rule justification with the policy owner and quantifies the risk of the requested changes so they do not impact service.
    • Risk Analyzer reduces risk by proactively analyzing your network infrastructure, then simulating how attackers might gain access through vulnerabilities in business assets. Risk Analyzer allows IT teams to quickly assess the impact of a potential attack, where multiple exploits can be used in combination and how prepared network defenses are to defeat an attack.

    Immediate Insight

    Immediate Insight from FireMon is a real-time security analytics software that brings the speed and simplicity of a search engine to data analysis and discovery. It merges machine learning, correlation and natural language in a simple, workflow-centric interface to reveal relationships in the data that users may not have even known to look for.

    The GigaSECURE Security Delivery Platform is a next-generation network packet broker focused on threat prevention, detection and analytics. The right tools get the right traffic at the right time, every time.

    Identity Guard, created by Intersections Inc., is a trusted provider of award-winning identity theft protection products for consumers and business clients.

    Imperva Attack Analytics correlates and distills thousands of security events into a few readable security narratives. The solution employs artificial intelligence and machine learning to simplify application security event investigations, enabling IT organizations to mitigate and respond to real threats quickly and decisively.

    Imperva CounterBreach uses machine learning and analytics to identify suspicious data access and prioritize threats.

    Imperva ThreatRadar Reputation Services identifies and filters out the traffic coming from known bad actors trying to access your websites, mobile applications and APIs.

    Orchestration and automation to accelerate your teams and tools

    Intelligenx enables you to regain control of information security with a variety of solutions that provide adaptable fast environments. We take you a step further on Security and one step ahead of the threats. Intelligenx aggregates all information security data across systems, employees and social markers to provide a single integrated view of your safety.

    iTrust provides cybersecurity risk ratings and risk intelligence to help businesses build trusted relationships with their vendors, partners, and suppliers. iTrust collects and analyzes third-party risk metrics using machine learning to deliver 360 vendor security and compliance visibility. iTrust is designed to be the world's most intelligent cyber risk rating and threat intelligence platform.

    Ixia Application and Threat Intelligence offers continuous real-time data feeds to ensure current application and threat intelligence at all times.

    Founded to address the technology gaps that restrict security modernization efforts, JASK is revolutionizing security operations to reduce organizational risk and improve efficiency through technology consolidation, enhanced AI and machine learning.

    Insights allows you to secure and manage any vulnerabilities, compliance and operational risk that may arise from using open source components.

    LifeLock is an identity theft protection solution that protects its members' personal information from being used by a third party.

    Defines organizational security posture. Determines type, level, volume of sources. Collects, collates, correlates and analyzes telemetry data. Overlays cyber threat intelligence. Derives actionable cyber security intelligence. Cyber security incident response & remediation.

    Musubu provides IP cyber threat intelligence APIs, the MusubuApp IP & Network Threat Intelligence Web Portal, and various integrations with platforms such as SIEM, SOAR, TIP, website (WordPress) and more.

    Musubu APIs: Allows organizations to have easy access to detailed network information from their own endpoints efficiently and in bulk using simple queries to the Musubu API. With the latest version of the service, customers can easily assess the security risk posed by their publicly exposed networks, as well as survey their network environments to identify both potential threats and misleading false positive results. This allows customers to quickly filter out non-actionable [false positive] data and focus on the true threats to their organization. These are measured in the API results via:

    • threat_potential_score_pct – Numeric threat score between 0-100. The score is calculated using “blacklist class”, “blacklist neighbors”, number of recent observations and country of origin.
    • threat_classification – Classification derived from “threat potential score pct”:
        High – Threat score >70
        Medium – Threat score from >40 but <70
        Low – Any IP unlisted with a threat score <20
        Nuisance – Threat score <40
    • blacklist_class – Field classifying the specific threat vector that has been identified. Contains one of the following values: apache, blacklisted, botnet, botnetcnc, brute force, compromised, ftp, http, imap, mail, malware, phishing, ransomware, shunned, sips, ssh, TOR, worm, zeus
    • blacklist_class_cnt – Field providing the number of sources which have identified the address as malicious.
    • blacklist_network_neighbors – Field providing the number of addresses present on the same subnet which have been identified as malicious.
    • blacklist_observations – Field providing the number of observations (of this IP) in the last 90 days.

    As well, Musubu's KnownNetworks® data sets also show you the following for any IP address:

    • Network Name
    • Network Type
    • Network Group

    MusubuApp IP & Network Intelligence Web Portal: MusubuApp is a simple, highly-affordable web application that delivers practical, immediately usable threat intelligence around IP-driven cyber threats – the number one vector of cybercrime for businesses large and small. MusubuApp allows security and information technology (IT) professionals to quickly research and identify malicious servers and clients making connections with their websites, apps, mail servers, cloud servers, and other networked assets. MusubuApp allows users to search in bulk for suspicious IP addresses (IPs) and instantly see a detailed set of data about the IPs such as:

    • The level and severity of cyber threat per IP
    • The types of threats associated with each IP
    • The total volume of cyber threats per IP
    • Other risky IPs in the same subnet
    • The network IPs belong to and what type of network

    As well, MusubuApp provides key usability features to help operators be more efficient when hunting threats:

    • Bulk IP Search – Users can import up to 500 IPs via JSON or CSV for immediate search and monitoring. Users can also export any results to CSV or JSON for integration elsewhere.
    • Watchlists – Users can create lists of IPs, name and describe them for alerting as well as subject them to advanced data analytics and intelligence modules.
    • Geolocation – Users can see IP addresses and their threat profiles on Google Maps embedded in the application and click to street addresses for individual IPs. They can also search IPs straight onto the map.
    • Tags – Users can tag IPs with useful labels and share them across the user community. Users can also map entire tag sets instantly.
    • Trends & Analytics – Users can instantly gain intelligence from their Watchlists via modules that show things like new threats, rising threat ratings, time-series threat analytics, and much more.
    • 3rd Party Integrations – MusubuApp accommodates things like “click-to-query” for sending entire Watchlist lists into other complementary cyber tools and platforms.

    As a result of its powerful, but simple features and low cost, MusubuApp is a natural complement to more expensive, enterprise tools such as Security Information and Event Management (SIEM), Threat Intelligence Platforms (TIP), Security Orchestration, Automation and Response (SOAR), and Incident Response (IR).

    Musubu IP Threat Data for Splunk: "NOTE: Request Free 7-Day Trial API Key via" Use Musubu’s unique IP & Network cyber threat scoring and profiling API right in your Splunk instance to determine the following for each IP:

    • Cyber Threat Score: A 0-100 rating of how much of a cyber threat the IP may be based on the output of our analytics and algorithms.
    • Cyber Threat Classification: High-Medium-Nuisance-Low rating of an IP's cyber threat potential for quick identification.
    • Blacklist Class: The predominant cyber threat vector seen as associated with the IP address (e.g. Phishing, Ransomware, TOR, etc.).
    • Blacklist Count: The number of major IP blacklisting services that have blacklisted the IP address.
    • Blacklist Neighbors: The number of other IP addresses in the same subnet that have been blacklisted.
    • Blacklist Count: The number of times in the last 90 days the IP address has been blacklisted.

    Simply add one or more data sources to the Musubu Add-on and then you will be able to mouse over each IP address to see our threat profiling data. Use it to perform faster threat detection, threat identification, response, and mitigation. Leverage the “showipthreatdata” custom command within the add-on to make direct calls to the Musubu API from the Splunk search view. See example below - Musubu results for the specified IP are returned in a Tableview.

    NC4 Mission Center is a Managed Service solution that gives public and private sector organizations a highly secure, web-based platform for secure communication and collaboration for cyber threat intelligence sharing. With over ten years' experience in developing "need-to-know", "need-to-share" based solutions, NC4 Mission Center brings dispersed organizations flexible, compartmented data sharing environments configured with effective collaborative tools and functionality required for exchanging critical information. NC4 Mission Center is powerful enough to handle a mission with hundreds of thousands of operational users spanning organizational and geographic boundaries, but easy enough to use for everyday collaboration.

    Netacea Bot Management focuses on preventing automated cyber threats using behavioural analysis and the latest machine learning techniques. Netacea provides a sophisticated multi-tiered approach to identifying and mitigating bot traffic.

    Provides a custom-fit SIEM-as-a-Service on top of our award-winning unified SIEM platform, EventTracker

    The NTT Global Threat Intelligence Platform (GTIP) enables a proactive and truly global resilient cyber defense for our customers.

    Enable your organization to uncover risky user behavior in real-time, investigate incidents, and prevent data exfiltration

    Optiv Security Intelligence provides insights needed to understand adversaries and threat environment.

    Perception Point provides proactive threat protection to SaaS businesses.

    Measure - Picus tells you security effectiveness right now including all emerging threats. Categorize - Picus helps you prioritize your security resources to where you need it the most. Monitor - continually assess your resilience to threats. Alarm - Picus sends alarms for the situations where your security risk increases.

    Plurilock delivers preventative, instantaneous, and continuous solutions for insider threats and regulatory compliance.

    Proofpoint Premium Threat Information Service provides deeper understanding of the ongoing threat landscape and your organization's place in it, enabling you.

    The ProtectWise Grid is changing the way humans interact with security with one of the largest security data sets ever created and analyzed. It captures traffic - flows, metadata and packets - analyzes it in real time, retains it indefinitely, and visualizes it for immediate and effective detection and forensics.

    Red Hat Insights is a predictive analytics software that helps users to predict risks, get guidance and stay secure.

    Risk Ident offers anti-fraud solutions for companies within e-commerce and financial sectors.

    SD Elements is an award-winning platform that translates policies to prescriptive, measurable procedures that are used by IT and Engineering teams to achieve their security and compliance objectives. SD Elements generates and tracks granular controls with a flexible rule-based engine and integrates those controls into ALMs and enterprise workflows used by development teams, including those leveraging DevOps. SD Elements also delivers Just-In-Time training to developers, providing concise, contextual guidance on how to implement controls right when they need it.