Blog

Leveraging Threat Intelligence Platforms to Block Threats

02.11.2021

An Ongoing Blog Series Highlighting ThreatBlockr’s Best-In-Class Threat Intelligence

In our previous blog, we talked about Unleashing the Power of Industry Threat Intelligence. In this blog, we shift our focus to partner integrations and specifically how we work with Threat Intelligence Platforms (TIPs). We’ll take a high level look at what TIPs are and how we work with them. 

Threat Intelligence Platforms (TIPs)

TIPs aggregate, correlate, and analyze threat intelligence data from multiple sources. They provide a central place to aggregate multiple sources of threat intelligence data. Most TIPs do not provide their own threat intelligence data, although many provide open source threat feeds as part of the platform. Some threat intelligence providers have added TIPs or TIP like capabilities to their platforms.

The primary goal of the TIP is to add value to threat intelligence data. This includes: 

  • Automating the management of threat intel feeds;
  • Analyzing and correlating data to produce more actionable insights and intelligence; and 
  • Deploying actionable threat intelligence to existing security controls like SIEMs, SOARs, network security, and endpoint security solutions to take action.

TIPs are typically used by larger enterprises who have made significant investments in threat intelligence data. The most well known TIP providers are companies like Anomali, EclecticIQ, IntSights, Recorded Future, ThreatConnect, and ThreatQuotient. There are also open source options like MISP.

ThreatSTOP is another interesting player in this area and they’ve built a solution that is more tailored for small and mid-sized enterprises.

How ThreatBlockr Interacts with TIPs

At ThreatBlockr, we’ve built an open platform that uses best-in-class threat intelligence from multiple sources and makes it simple for you to integrate third-party threat intel in real time from any source. 

TIPS are one of the key sources when it comes to integrating threat intelligence. So it should be no surprise that TIPs are a key area of our partner integrations. We currently have “out of the box” integrations with Anomali, IntSights, Recorded Future, ThreatConnect, ThreatQuotient, and ThreatSTOP.

These integrations make it easy to incorporate threat intel data from TIPs into the ThreatBlockr platform. ThreatBlockr uses threat intelligence data from TIPs along with the additional data our platform provides to detect and block threats on any network. With ThreatBlockr, organizations are able to deploy threat intelligence to detect and block threats at a scale they can’t do with their firewalls. To put this in perspective, the ThreatBlockr platform can block up to 150 Million third-party IP and domain indicators, which is 100x what a typical firewall can do.

Stay Tuned!

In our coming blogs, we will take a closer look at each of our TIP integrations and partners.

If you are interested in learning more about how organizations are using ThreatBlockr to make threat intelligence actionable in a simple and scalable way join us for our upcoming webinar – Making Threat Intelligence Actionable for Financial Services. We promise you don’t have to be a financial services organization to get value out of this webinar!

As always: