Alternatives to ThreatBook
Compare ThreatBook alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to ThreatBook in 2026. Compare features, ratings, user reviews, pricing, and more from ThreatBook competitors and alternatives in order to make an informed decision for your business.
-
1
ManageEngine Log360
Zoho
Detect, investigate, and resolve security incidents and threats using a single, scalable SIEM solution. Log360 provides you with actionable insights and analytics-driven intelligence for real-time security monitoring, advanced threat detection, incident management, and behavioral analytics-based anomaly detection. Built as the bedrock for your SOC, ManageEngine Log360 comes with out-of-the-box correlation and workflow rules, dashboards, reports, and alert profiles to help you address vital security issues with little manual intervention. -
2
ManageEngine EventLog Analyzer
ManageEngine
ManageEngine EventLog Analyzer is an on-premise log management solution designed for businesses of all sizes across various industries such as information technology, health, retail, finance, education and more. The solution provides users with both agent based and agentless log collection, log parsing capabilities, a powerful log search engine and log archiving options. With network device auditing functionality, it enables users to monitor their end-user devices, firewalls, routers, switches and more in real time. The solution displays analyzed data in the form of graphs and intuitive reports. EventLog Analyzer's incident detection mechanisms such as event log correlation, threat intelligence, MITRE ATT&CK framework implementation, advanced threat analytics, and more, helps spot security threats as soon as they occur. The real-time alert system alerts users about suspicious activities, so they can prioritize high-risk security threats. -
3
Stellar Cyber
Stellar Cyber
On premises, in public clouds, with hybrid environments and from SaaS infrastructure. Stellar Cyber is the only security operations platform providing high-speed, high-fidelity threat detection and automated response across the entire attack surface. Stellar Cyber’s industry-leading security software improves security operations productivity by empowering security analysts to kill threats in minutes instead of days or weeks. By accepting data inputs from a variety of existing cybersecurity solutions as well as its own capabilities, correlating them, and presenting actionable results under one intuitive interface, Stellar Cyber’s platform helps eliminate the tool fatigue and data overload often cited by security analysts while slashing operational costs. Stream logs and connect to APIs to get full visibility. Automate response through integrations to close the loop. Stellar Cyber’s open architecture makes it interoperable at any enterprise. -
4
Rapid7 MDR
Rapid7
Rapid7 Managed Detection and Response (MDR) is a 24/7 expert-led security service designed to detect, investigate, and respond to threats across the entire attack surface. It delivers managed extended detection and response (MXDR) by correlating signals from endpoints, cloud, network, and third-party security tools. Rapid7 MDR combines advanced technology with a global SOC to provide continuous monitoring and rapid threat containment. The service offers high-fidelity endpoint detection, proactive threat hunting, and managed next-generation antivirus and ransomware prevention. Rapid7 MDR provides full visibility into security activity through integrated SIEM and XDR capabilities, avoiding black-box operations. Unlimited digital forensics and incident response ensure threats are fully eradicated without caps or additional costs. By unifying detection, response, and vulnerability management, Rapid7 MDR helps organizations reduce risk and improve security outcomes.Starting Price: $17 per asset per month -
5
alphaMountain Threat Intelligence APIs and Feeds
alphaMountain AI
alphaMountain’s domain and IP threat intelligence powers many of the world’s leading cybersecurity solutions. High-fidelity threat feeds are updated hourly with fresh URL classification, threat ratings and actionable intelligence on over 2 billion hosts including domains and IP addresses. KEY BENEFITS: Get high-fidelity URL classification and threat ratings for any URL from 1.00 to 10.0. Receive fresh categorization and threat ratings updated every hour, syndicated via API or threat feed. See threat factors and other intelligence contributing to threat verdicts. USE CASES: Use threat feeds in your network security products such as secure web gateway, secure email gateway or next-generation firewall. Call the alphaMountain API from your SIEM to investigate threats or from your SOAR to automate responses such as blocking and policy updates. Detect if a URL is suspicious, contains malware, is a phishing site and which of 89 content categories the site belongs to.Starting Price: $300/month -
6
Lumen Adaptive Threat Intelligence
Lumen Technologies
Adaptive Threat Intelligence helps security specialists quickly neutralize threats before they attack. Leveraging our global network visibility, we provide high-fidelity intelligence correlated to your IP addresses, combined with Rapid Threat Defense to proactively stop threats and simplify security. Automated validation technology developed and deployed by Black Lotus Labs tests newly discovered threats and validates the fidelity of our threat data, minimizing false positives. Rapid threat defense automated detection and response capabilities block threats based on your risk tolerance. Comprehensive virtual offering eliminates the need to deploy or integrate devices and data, and provides a single escalation point. Easy-to-use security portal, mobile app, API feed and customizable alerts that allow you to manage threat visualization and response with context-rich reports and historical views. -
7
Cavalier
Hudson Rock
Cavalier is based on forensic technologies and operational know-how developed at the IDF’s 8200 Unit to counter nation-state adversaries and professional threat actors. It is a unique cybercrime intelligence data source composed of millions of machines compromised in global malware-spreading campaigns. Our high-fidelity data is sourced directly from threat actors and augmented monthly with hundreds of thousands of new compromised machines. Cavalier’s high-fidelity data protects employees, partners, customers, and digital assets with an unprecedented granularity of threat vectors including ransomware, business espionage, breaches & network overtakes. Allows hackers to use existing victims' sessions by importing their cookies and bypassing security measurements. URL accessed by the victim, their login credentials, and plaintext passwords, are used by hackers to hack into employee and user accounts. -
8
Lupovis
Lupovis
Lupovis provides precise, high-fidelity threat identification with a drastically reduced alert-to-noise ratio through a SaaS deception as a service platform. Gain targeted, contextual intelligence specific to your company. Stay steps ahead with insights that pinpoint insider threats, and pre-breach events such as leaked credentials. Dive into actionable intelligence without distractions. Deploy realistic traps and decoys inside and outside of your network, designed to integrate seamlessly with your existing security infrastructure. When an adversary interacts with our no-code deception platform, we raise a high-fidelity alert that allows you to respond immediately. By deploying our threat detection solution, you gain high-fidelity alerts, coupled with contextual and global intelligence. Lupovis protects your organization's sensitive data and high-value intellectual property from theft by deceiving in-network attackers and luring them away from valuable assets.Starting Price: $4,000 per year -
9
CleanINTERNET
Centripetal
While traditional cybersecurity solutions remediate threats as they emerge, CleanINTERNET® shields against threats proactively, preventing them from reaching your network in the first place. The largest collection of high-confidence, high-fidelity commercial threat intelligence in the world, is operationalized so your defenses adapt and defend in parallel with the threat landscape. Applying over 100 billion indicators of compromise from real-time intelligence feeds, updated every 15 minutes, to protect your network. The fastest packet filtering technology on the planet is integrated at your network’s edge with no latency, enabling the use of billions of threat indicators so malicious threats are dynamically blocked from entering your network. Highly skilled analysts augmented by AI technology monitor your network, providing automated shielding based on real-time intelligence, and validated by human expertise. -
10
Intel 471 TITAN
Intel 471
Cybercriminals never sleep. You need round-the-clock threat intelligence to anticipate and track bad actors’ every move, and how they might attack your business. Our customers rely on TITAN, an intuitive intelligence SaaS platform built by intelligence and security professionals for intelligence and security professionals. It enables them to access structured information, dashboards, timely alerts, and intelligence reporting via the web portal or API integration. But TITAN doesn’t stop there. Use TITAN’s programmable RESTful API to power numerous connectors and integrations, integrating and operationalizing customized intelligence into your security operations. TITAN delivers structured technical and non-technical data and intelligence that is continually updated by our global team and automated processes. With structured data, less noise, and high-fidelity results, you can focus your team on the threats that matter most. -
11
threatYeti by alphaMountain
alphaMountain AI
threatYeti by alphaMountain, turns security professionals and hobbyists alike into a senior IP threat intelligence analysts with a browser-based platform that renders real-time threat verdicts for any domain, URL, or IP on the internet. With threatYeti, the risk posed by a domain is rendered instantly with a color-coded rating from 1.00 (low risk) to 10.00 (high risk). threatYeti also protects cyber threat analysts and their networks from risky sites. threatYeti’s no-click categorization presents sites into at least one out of 89 categories so that analysts don’t have to visit them and risk encountering objectionable material or downloading malware. threatYeti also displays related hosts, threat factors, passive DNS, certificates, redirect chains and more, giving analysts the full picture of any host. The result is faster, safer investigations that enable organizations to take conclusive action on domain and IP threats.Starting Price: $0 -
12
ThreatStream
Anomali
Anomali ThreatStream is a Threat Intelligence Platform that aggregates threat intelligence from diverse sources, provides an integrated set of tools for fast, efficient investigations, and delivers operationalized threat intelligence to your security controls at machine speed. ThreatStream automates and accelerates the process of collecting all relevant global threat data, giving you the enhanced visibility that comes with diversified, specialized intelligence sources, without increasing administrative load. Automates threat data collection from hundreds of sources into a single, high fidelity set of threat intelligence. Improve your security posture by diversifying intelligence sources without generating administrative overhead. Easily try and buy new sources of threat intelligence via the integrated marketplace. Organizations rely on Anomali to harness the power of threat intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses. -
13
Core Network Insight
Core Security (Fortra)
Instead of monitoring specific assets or the network itself, these security solutions constantly watch network traffic, creating a picture of what normal traffic patterns look like. With a baseline developed, NTA tools can then flag traffic abnormalities as possible security threats. Though there are multiple approaches to this, NTA tools should have some degree of analysis of anomalies to determine whether it’s a harmless abnormality, or a true threat. With network traffic monitoring, Network Insight observes device behavior in real time. It is continually capturing and correlating evidence using multiple detection engines to arrive at a verdict of "suspected" or "infected." The Case Analyzer, a context aware network traffic analysis and threat intelligence engine, confirms the infection, and a series of risk profilers assess and prioritize the infection based on the determined risk level. -
14
Palo Alto Networks AutoFocus
Palo Alto Networks
Tomorrow's operations depend on unrivaled threat intelligence, today. Power up investigation, prevention and response with AutoFocus. Palo Alto Networks, provider of the industry-leading next-generation firewall, has made the world’s highest-fidelity repository of threat intelligence, sourced from the largest network of sensors, available for any team or tool to consume. AutoFocus™ contextual threat intelligence service is your one-stop shop for threat intelligence. Your teams will receive instant understanding of every event with unrivaled context from Unit 42 threat researchers, and you can embed rich threat intelligence in analyst’s existing tools to significantly speed investigation, prevention, and response. Get unique visibility into attacks crowdsourced from the industry’s largest footprint of network, endpoint, and cloud intel sources. Enrich every threat with the deepest context from worldrenowned Unit 42 threat researchers. -
15
Trellix Network Security
Trellix
Gain unparalleled visibility and apply state-of-the-art, signatureless detection and protection against the most advanced and evasive threats, including zero-day attacks. Improve analyst efficiency with high-fidelity alerts that trigger when it matters most, saving time and resources and reducing alert volume and fatigue. Generate concrete real-time evidence and Layer 7 metadata to provide further security context to pivot to investigation and alert validation, endpoint containment, and incident response. Detect multi-flow, multi-stage, zero-day, polymorphic, ransomware, and other advanced attacks with signature-less threat detection. Detect known and unknown threats in real-time while also enabling back-in-time detection of threats. Track and block lateral threats propagating within your enterprise network to reduce post-breach dwell time. Separate critical and non-critical malware (such as adware and spyware) to prioritize alert response. -
16
LifeRaft Navigator
Navigator
Consolidate, assess, and investigate intelligence in a single platform. Collect and alert on data relevant to your security operations from social media, deep web, and darknet sources 24/7. Our unified intelligence platform automates collection and filtering, and provides a suite of investigative tools to explore and validate threats. Uncover critical information that impacts the security of your assets and operations. Navigator monitors the internet 24/7 with custom search criteria to detect high-risk threats to your people, assets, and operations from diversified sources. Finding the needle in the haystack is a growing challenge for security operations teams. Navigator provides advanced filtering tools to capture the breadth of the online threat landscape. Uncover, explore, and use a variety of sources to validate intelligence related to threat actors, events, and special interest projects or security issues. -
17
Rapid7 Threat Command
Rapid7
Rapid7 Threat Command is an advanced external threat intelligence tool that finds and mitigates threats directly targeting your organization, employees, and customers. By proactively monitoring thousands of sources across the clear, deep, and dark web, Threat Command enables you to make informed decisions and rapidly respond to protect your business. Quickly turn intelligence into action with faster detection and automated alert responses across your environment. This is made possible through plug-and-play integrations with your existing technologies for SIEM, SOAR, EDR, firewall, and more. Simplify your SecOps workflows through advanced investigation and mapping capabilities that provide highly contextualized alerts with low signal-to-noise ratio. Unlimited 24/7/365 access to our expert analysts shortens investigation times as well as accelerates alert triage and response. -
18
Netenrich
Netenrich
The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures. We put the best of machine and human intelligence—AKA hybrid intelligence—to streamline threat detection, incident response, site reliability engineering (SRE), and several more of your high-profile goals. We start with self-learning machines trained with research, investigation, and remediation actions. Human intervention for tedious, automatable tasks approaches zero, freeing your team and technology to achieve goals like SRE, reduced MTTR, lesser SME dependency, and unprecedented scale without the distraction of running ops. From detection through resolution, the Netenrich platform heavy-lifts exploring and investigating alerts and threats. -
19
Scalable visibility and security analytics across your business. Outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling provided by Secure Network Analytics (formerly Stealthwatch). Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly. Protect critical data with smarter network segmentation. And do it all with an agentless solution that grows with your business. Detect attacks across the dynamic network with high-fidelity alerts enriched with context such as user, device, location, timestamp, and application. Analyze encrypted traffic for threats and compliance, without decryption. Quickly detect unknown malware, insider threats like data exfiltration, policy violations, and other sophisticated attacks using advanced analytics. Store telemetry data for long periods for forensic analysis.
-
20
ThreatWatch Detection & Analytics
Security On-Demand
With ThreatWatch, you can detect both static and advanced threats faster and more accurately than any SIEM tool or threat detection platform. ThreatWatch is the world’s first full-spectrum cyber threat monitoring service designed to bridge the gap between data and action. Quickly find patterns in seemingly random events, continuously analyze all the data, all the time, find high-fidelity threats quickly with an orchestrated response. The key problem in cyber security today is the data. Every day, your devices generate millions or billions of log events and most cyber security tools cannot fully process and analyze all of them for potential threats. -
21
ThreatQ
ThreatQuotient
Threat intelligence platform - ThreatQ, to understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response. Automatically score and prioritize internal and external threat intelligence based on your parameters. Automate aggregation, operationalization and use of threat intelligence across all systems and teams. Improve effectiveness of existing infrastructure by integrating your tools, teams and workflows. Centralize threat intelligence sharing, analysis and investigation in a threat intelligence platform all teams can access. -
22
Google Security Operations (SecOps) is an intelligence-driven, AI-powered security operations platform designed to help organizations detect, investigate, and respond to cyber threats at scale. Built as a cloud-native solution, Google SecOps unifies SIEM, SOAR, and threat intelligence into a single operational experience. The platform ingests and analyzes massive volumes of security telemetry with Google-level speed and scalability. Google SecOps applies Google’s curated and applied threat intelligence to uncover high-priority threats faster and with greater accuracy. Generative AI powered by Gemini enhances analyst productivity through natural language search, automated investigations, and contextual insights. Integrated automation and orchestration capabilities enable rapid response using playbooks and collaboration tools. Google Security Operations empowers security teams to reduce risk, improve response times, and modernize their SOC operations.
-
23
D3 Smart SOAR
D3 Security
D3 Security leads in Security Orchestration, Automation, and Response (SOAR), aiding major global firms in enhancing security operations through automation. As cyber threats grow, security teams struggle with alert overload and disjointed tools. D3's Smart SOAR offers a solution with streamlined automation, codeless playbooks, and unlimited, vendor-maintained integrations, maximizing security efficiency. Smart SOAR's Event Pipeline normalizes, de-dupes, enriches and correlates events to remove false positives, giving your team more time to spend on real threats. When a real threat is identified, Smart SOAR brings together alerts and rich contextual data to create high-fidelity incidents that provide analysts with the complete picture of an attack. Clients have seen up to a 90% decrease in mean time to detect (MTTD) and mean time to respond (MTTR), focusing on proactive measures to prevent attacks. -
24
Microsoft Sentinel
Microsoft
Standing watch, by your side. Intelligent security analytics for your entire enterprise. See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft. Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft. -
25
Proofpoint Emerging Threat (ET) Intelligence
Proofpoint
Proofpoint ET Intelligence delivers the most timely and accurate threat intelligence. Our fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making. Knowing what types of threats exist is no longer enough to protect your people, data, and brand. Emerging Threat (ET) intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after. Get on-demand access to current and historical metadata on IPs, domains, and other related threat intelligence to help research threats and investigate incidents. In addition to reputation intel, you get condemnation evidence, deep context, history, and detection information. It's all searchable in an easy-to-use threat intelligence portal that includes: Trends and timestamps of when a threat was seen and the associated category. -
26
OpenCTI
Filigran
OpenCTI is an open source threat intelligence platform developed by Filigran, designed to help organizations collect, correlate, and leverage threat data at strategic, operational, and tactical levels. It provides a consolidated view of threat data from multiple sources, transforming raw data into actionable insights. It features a sophisticated knowledge hypergraph database, fully compliant with STIX standards, enabling deep context and relationships within threat intelligence. OpenCTI offers comprehensive visualizations and analytics, facilitating comparison and investigation within the knowledge graph. It integrates both technical and non-technical information into a unified system, linking each piece of threat intelligence to its original source for a complete analytical perspective. It also includes powerful case management capabilities, enhancing threat detection and response by centralizing incident-related data and fostering real-time collaboration. -
27
Senseon
Senseon
Senseon’s AI Triangulation thinks like a human analyst to automate the process of threat detection, investigation and response, increasing your team’s efficiency. Displace the need for multiple security tools with one cohesive platform, providing complete visibility across the entire digital estate. Accurate detection and alerting enable IT and security teams to cut through the noise and focus on genuine threats, helping you achieve ‘inbox zero’. Senseon’s unique ‘AI Triangulation’ technology emulates how a human security analyst thinks and acts to automate the process of threat detection, investigation and response. By looking at the behaviours of users and devices from multiple perspectives, pausing for thought and learning from experience, Senseon provides accurate and context-rich alerts. These automated capabilities free security teams from the burden of exhaustive analysis, alert fatigue and false positives. -
28
AT&T Managed Threat Detection and Response protect your organization with 24x7 security monitoring from AT&T Cybersecurity powered by our award-winning USM platform and AT&T Alien Labs™ threat intelligence. 24x7 proactive security monitoring and investigation from the AT&T SOC. Our expert SOC analysts leverage our decades of managed security expertise to help you to protect your business by monitoring and disrupting advanced threats around the clock. Built on Unified Security Management (USM) with multiple security capabilities in one unified platform, we go beyond other MDR services to provide centralized security visibility across your cloud, networks, and endpoints, enabling early, effective detection and a rapid time to deployment. Powered by AT&T Alien Labs threat intelligence with unrivaled visibility of the AT&T IP backbone, global USM sensor network, and the Open Threat Exchange (OTX), AT&T Alien Labs delivers continuous, tactical threat intelligence to the USM platform.Starting Price: $6,695 per month
-
29
UncommonX
UncommonX
UncommonX delivers a hyperconverged, AI‑powered Exposure Management platform that provides complete, agentless visibility across on‑premises, cloud, mobile, and SaaS environments. Its patented Agentless Discovery automatically maps every network element without intrusive agents, while Universal Integration consolidates logs, SIEM data, and threat feeds into a single dashboard. A proprietary Relative Risk Rating (R3) assesses assets in real time against standard NIST factors, and built‑in Threat Intelligence continuously enriches risk profiles. The platform’s Detection and Response module offers a real‑time alert dashboard for rapid investigation, containment, and remediation, and a Central Intelligence feature enables proactive vulnerability assessments and threat hunting. Complementing these core capabilities, UncommonX supports managed MDR/XDR, 24/7 SOC services, Asset Discovery & Management, Vulnerability Management, and MSP‑focused XDR deployments. -
30
SecIntel
Juniper Networks
As the threat landscape evolves and security risks accelerate, you can no longer rely on a single device at the network edge to identify and block threats. Instead, you need a threat-aware network that frees your security analysts to focus on hunting unknown threats and further reduces risk to your organization. SecIntel enables the threat-aware network with a feed of aggregated and verified security data continuously collected from Juniper and multiple other sources. It delivers regularly updated, actionable intelligence to your SRX Series firewalls, MX Series routers and enforcement on Juniper wireless access points, and EX Series and QFX Series switches. Uses curated threat feeds on malicious IPs, URLs, certificate hashes, and domain uses. Infected host and custom threat feeds of all known infected hosts on your network. Allows data from third-party sources, such as industry-specific threat mitigation and prevention input, through custom threat feeds. -
31
Analyst1
Analyst1
Analyst1 offers organizations a more efficient method of gathering and enriching threat intelligence - Inundated with various security tools, analysts rarely have time to investigate and remediate all threats. Analyst1 eliminates labor-intensive tasks required to understand which threats matter most. Built by analysts for the enterprise, Analyst1 allows the ability to author, test and deploy effective countermeasures across multiple intrusion detection and prevention systems. -
32
EclecticIQ
EclecticIQ
EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments. Our solutions are built specifically for analysts across all intelligence-led security practices such as threat investigation, and threat hunting, as well as incident response efforts. And we tightly integrated our solutions with our customers’ IT security controls and systems. EclecticIQ operates globally with offices in Europe, United Kingdom, and North-America, and via certified value-add partners. -
33
Trellix Helix Connect
Trellix
To protect against advanced threats, organizations need to integrate their security and apply the right expertise and processes. Trellix Helix Connect is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Gain comprehensive visibility and control across your entire enterprise by collecting, correlating and analyzing critical data for meaningful threat awareness. Easily integrate security functions without extensive and costly cycles. Make informed and efficient decisions with contextual threat intelligence. Detect advanced threats with machine learning, AI and integrated real-time cyber intelligence. Gain critical context into who is targeting your organization and why. With a smart and adaptive platform, you can predict and prevent emerging threats, identify root causes and respond in real time. -
34
Cyren
Cyren
Cyren Inbox Security is an innovative solution that turns the tables on the phishers and safeguards each and every Office 365 mailbox in your organization against evasive phishing, business email compromise (BEC) and fraud. Continuous monitoring and detection provide early exposure of evasive attack indicators and anomalies. Automated response and remediation for individual mailboxes and across all mailboxes in the organization will take care of the heavy lifting. Our unique crowd-sourced user detection closes the feedback loop on alerts, reinforcing your security training and providing valuable threat intelligence. Comprehensive, multi-dimensional presentation of critical threat characteristics to help analysts understand the evolving threat landscape. Improved threat detection for existing security products such as SIEM and SOAR solutions. -
35
C-Prot Threat Intelligence Portal is a powerful web service for providing access to information about cyber threats. C-Prot Threat Intelligence Portal offers the possibility to check different types of suspicious threat indicators such as files, file signatures, IP addresses, or web addresses. In this way, institutions are informed about potential threats and can take necessary precautions. Detect advanced threats using our advanced detection technologies, including dynamic, static, and behavioral analysis, and our global cloud reputation system with the C-Prot Threat Intelligence Portal. Access detailed information on specific malware indicators, as well as the tools, tactics, and attack types used by cyber attackers. Check for different indicators of suspicious threats such as IP address and web address. Understand threat trends and anticipate specific attacks with complete knowledge of your threat environment.Starting Price: Free
-
36
DigitalStakeout Scout
DigitalStakeout
DigitalStakeout Scout enables your cybersecurity and corporate security team to stand up an open-source intelligence capability on-demand. Solve brand threat intelligence, protective intelligence & executive protection, vulnerability and cyber threat intelligence, and digital risk protection challenges with a cloud-delivered security intelligence platform hosted and fully managed by DigitalStakeout. DigitalStakeout Scout provides the data collection capabilities and analytics technology required to spot and disrupt your organization’s threats, vulnerabilities, and exposures. Using a simple web-based UI, you’ll have an on-demand security intelligence tool that enables your analysts to filter out noise, reduce alert fatigue, accelerate investigations, and make smarter intelligence-led security decisions. DigitalStakeout Scout platform, analysts are 80% more productive, and customers, on average, cut the total cost of ownership of a security intelligence capability by 40%. -
37
Threat Intelligence Platform
Threat Intelligence Platform
Threat Intelligence Platform combines several threat intelligence sources to provide in-depth insights on threat hosts and attack infrastructure. Correlating threat information from various feeds with our exhaustive in-house databases, a result of 10+ years of data crawling, the platform performs real-time host configuration analyses to come up with actionable threat intelligence that is vital in detection, mitigation, and remediation. Find detailed information about a host and its underlying infrastructure in seconds through the Threat Intelligence Platform web interface. Integrate our rich data sources into your systems to enrich results with additional threat intelligence insights. Integrate our capabilities into existing cybersecurity products, including cyber threat intelligence (CTI) platforms, security information and event management (SIEM) solutions, digital risk protection (DRP) solutions, and more.Starting Price: $12.5 per month -
38
Real-time monitoring and analysis allowing you to quickly prioritize, investigate, and respond to hidden threats. A central view of potential threats with built-in workflows removes the complexity of threat protection. Be ready anytime for the audit with automated compliance. Get greater transparency monitoring users, applications, networks and devices. Data correlated and enriched to deliver purposeful intelligence on the threat and how to mitigate. Real-time threat identification and response powered by advanced threat intelligence reduces lead time to protect against threats such as phishing, insider threats, data exfiltration and Distributed Denial of Service (DDOS) attacks.
-
39
Cortex XSOAR
Palo Alto Networks
Orchestrate. Automate. Innovate. The industry’s most comprehensive security orchestration, automation and response platform with native threat intelligence management and a built-in marketplace. Transform your security operations with scalable, automated processes for any security use case. Get up to a 95% reduction in the volume of alerts requiring human review. Cortex XSOAR ingests alerts across sources and executes automated workflows/playbooks to speed up incident response. Cortex XSOAR case management facilitates standardized response for high-quantity attacks while helping your teams adapt to sophisticated one-off attacks. Cortex XSOAR playbooks are complemented by real-time collaboration capabilities that let security teams rapidly iterate to solve emergent threats. Cortex XSOAR offers a new approach to threat intelligence management that unifies threat intelligence aggregation, scoring and sharing with proven playbook-driven automation. -
40
FortiDeceptor
Fortinet
FortiDeceptor provides early detection and isolation of sophisticated human and automated attacks by deceiving attackers into revealing themselves. FortiDeceptor, part of Fortinet SecOps Platform, detects and responds to in-network attacks such as stolen credential usage, lateral movement, man-in-the-middle, and ransomware. Adding FortiDeceptor as part of your cybersecurity strategy helps shift your defenses from reactive to proactive with intrusion-based detection layered with contextual intelligence. FortiDeceptor lures attackers into revealing themselves early at the reconnaissance stage by engaging with a wide range of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, providing attack activity analysis and attack isolation. This helps alleviate the burden on SOC teams inundated with false-positive alerts. FortiDeceptor offers flexible deployment options. -
41
Constella Intelligence
Constella Intelligence
Continuously monitor thousands of data sources across the public, deep & dark web to gain the insights you need to detect and act on emerging cyber-physical threats before damage occurs. And accelerate your investigations by delving deeper into risks threatening your organization. Analyze monikers, enrich information with other datasets, and quickly unmask malicious actors to solve cybercrimes faster. Defending your digital assets against targeted attacks, Constella is powered by a unique combination of unparalleled breadth of data, technology and human expertise from world-class data scientists. Data to link real identity information to obfuscated identities & malicious activity to inform your products and safeguard your customers. Profile threat actors faster with advanced monitoring analysis, automated early warning and intelligence alerts. -
42
ThreatWatch
ThreatWatch
Stay informed on emerging threats using real-time, machine curated threat intelligence. Detect and prioritize threats up to 3 months earlier than leading scanning solutions without redundant scanning or agents. Use Attenu8, our AI platform to prioritize your threats. Secure your DevOps pipeline against open source vulnerabilities, malware, code secrets and configuration issues. Secure your infrastructure, network and IOT devices and any other assets by modeling them as virtual assets. Discover and manage your assets easily with a simple open source CLI. Decentralize security functions using real-time alerts. Integrate with MSTeams, Slack, JIRA, ServiceNow and other ecosystems using our powerful API and SDK. Stay ahead of your adversaries. Get informed on emerging malware, vulnerabilities, exploits, patches and remediations in real-time using our AI powered, machine curated threat intelligence. -
43
Human Defense Platform
HUMAN
HUMAN is a leading cybersecurity company committed to protecting the integrity of the digital world. We verify that digital interactions, transactions, and connections are authentic, secure, and human. The Human Defense Platform safeguards the entire customer journey with high-fidelity decision-making that defends against bots, fraud, and digital threats. Each week, HUMAN verifies 20 trillion digital interactions, providing unparalleled telemetry data to enable rapid, effective responses to even the most sophisticated threats. Recognized by our customers as a G2 Leader, HUMAN continues to set the standard in cybersecurity. -
44
Smokescreen
Smokescreen
Smokescreen is a deception technology & active defense company that provides a solution that blankets your network with decoys to trap hackers. With a demo of our product, IllusionBLACK, you'll understand how adversaries operate and see how decoys planted all over your network provide high-fidelity detections every step of the way. It's easy to understand, easy to use, and we've got you covered on the Perimeter, Cloud, internal network, endpoints, and Active Directory. Launch your first deception campaign using ready-made decoys. Focus on detecting threats instead of wasting countless man-days configuring a new solution. Any interaction with an IllusionBLACK decoy is a high-confidence indicator of a breach. When you get an alert, you know it’s the real deal. Automated forensics and root-cause analysis in two clicks. Accomplish more in a fraction of the time with half the team. Out-of-the-box integrations with SIEMs, Firewalls, EDRs, Proxy, threat intel feeds, SOAR, and more.Starting Price: $7,750 per year -
45
ELLIO
ELLIO
IP Threat Intel delivers real-time threat intelligence that helps security teams reduce alert fatigue and speed up triage in TIPs, SIEM & SOAR platforms. Available as an API for your SIEM/SOAR/TIP or as a local database for most demanding on-premise workloads. The feed provides detailed information on IP addresses observed in the last 30 days, including ports targeted by an IP. Updated every 60 minutes, it reflects the current threat landscape. Each IP entry includes context on event volume over the past 30 days and the most recent detection by ELLIO's deception network. Provides a list of all IP addresses observed today. Each IP entry includes tags and comments with context on targeted regions, connection volume, and the last time the IP was observed by ELLIO's deception network. Updated every 5 minutes, it ensures you have the most current information for your investigation and incident response.Starting Price: $1.495 per month -
46
Google Threat Intelligence
Google
Get comprehensive visibility and context on the threats that matter most to your organization. Google Threat Intelligence provides unmatched visibility into threats enabling us to deliver detailed and timely threat intelligence to security teams around the world. By defending billions of users, seeing millions of phishing attacks, and spending hundreds of thousands of hours investigating incidents we have the visibility to see across the threat landscape to keep the most important organizations protected, yours. Focus on the most relevant threats to your organization by understanding the threat actors and their ever changing tactics, techniques, and procedures (TTPs). Leverage these insights to proactively set your defenses, hunt efficiently, and respond to new and novel threats in minutes. -
47
Leviathan Lotan
Leviathan Security Group
Lotan™ provides your enterprise with the unique capability to detect attacks earlier, and with greater confidence. The fragility of exploits in the face of modern countermeasures and environment heterogeneity often leads to application crashes. Lotan analyzes these crashes to detect the attack and aid the response. Lotan collects crashes using either a simple registry change on Windows, or a small userland application for Linux. A RESTful API allows you to share evidence and conclusions with your existing Threat Defense and SIEM solutions. The API provides insight into each step of Lotan's workflow, including detailed information required to understand and respond to the threat rapidly. Lotan greatly increases the accuracy, rate, and speed with which threats are detected, and impedes the ability of adversaries to operate undetected within your network. -
48
ThreatCloud
Check Point Software Technologies
Real-time threat intelligence derived from hundreds of millions of sensors worldwide, enriched with AI-based engines and exclusive research data from the Check Point Research Team. Detects 2,000 attacks daily by unknown threats previously undiscovered. Advanced predictive intelligence engines, data from hundreds of millions of sensors, and cutting-edge research from Check Point Research and external intelligence feed. Up-to-minute information on the newest attack vectors and hacking techniques. ThreatCloud is Check Point’s rich cyber defense database. Its threat intelligence powers Check Point zero-day protection solutions. Mitigate threats 24×7 with award-winning technology, expert analysis and global threat intelligence. In addition, the service provides recommendations for tuning the customer’s threat prevention policies to enhance the customer’s protection against threats. Customers have access to a Managed Security Services Web Portal. -
49
CYR3CON PR1ORITY
CYR3CON
CYR3CON PR1ORITY approaches cybersecurity from the hacker’s world view, identifying real threats to client assets based on attacker behaviors. Rather than providing broad and non-specific risk management information, PR1ORITY intelligently sources the necessary data that, when analyzed, predicts the likelihood of an actual attack. With multiple options for integration, PR1ORITY gives clients the information they need to proactively manage threats. CYR3CON PR1ORITY predicts which vulnerabilities hackers will exploit through the use of artificial intelligence and real threat intelligence mined from hacker communities. CYR3CON PR1ORITY provides Contextual Prediction™ - the text of the hacker conversations that feed the vulnerability prioritization assessment. CYR3CON PR1ORITY is fueled by hacker community information. Allows defenders to focus on where the threat is going. -
50
Netwrix Threat Manager
Netwrix
Threat detection software from Netwrix to detect and respond to abnormal behavior and advanced attacks with high accuracy and speed. IT infrastructures are getting more complex and the volume of sensitive information stored there is skyrocketing. At the same time, the threat landscape is evolving rapidly, with attacks becoming more sophisticated and more costly. Improve your threat management processes and know about anything suspicious happening in your network, whether it’s an external attack or an insider threat, with real-time alerts delivered via email or mobile notifications. Maximize the value of your investments and enhance security across the IT ecosystem by sharing data between Netwrix Threat Manager and your SIEM and other security solutions. Respond immediately upon threat detection by taking advantage of the extensive catalog of preconfigured response actions, or by integrating Netwrix Threat Manager with your own business processes using PowerShell or webhook facilities.
