Top 10 Cyber Threat Intelligence Tools in 2022

Cyber threat intelligence tools scan the dark web and other sources 24/7 to benchmark your security posture.

Last Updated: January 7, 2022


Cyber threat intelligence tools scan external sources like the dark web, social media, and cybersecurity research feeds around the clock to provide you with up-to-date and actionable insights. This article lists the top cyber threat intelligence tools that can protect your enterprise in 2022, along with the five features to look for when shortlisting a tool. 

Key Must-Have Features of Cyber Threat Intelligence Tools in 2022

A cyber threat intelligence tool helps you collect and analyze threat information from multiple external sources to protect your enterprise from existing vulnerabilities and prepare for future ones. 

Cyber threat intelligence is a maturing market, with nearly half of the world’s enterprises having a formal team dedicated to this function. According to the 2021 SANS Cyber Threat Intelligence (CTI) Survey, 44.4% have a formal, dedicated team, and another 13.8% have a single dedicated cyber threat intelligence professional. Enterprises also use various cyber threat intelligence tools such as external news feeds, community information sharing, and enterprise-grade cyber threat intelligence software. 

While your choice of cyber threat intelligence tool needs to cater to the unique needs of your organization and the ecosystem that you operate in, there are five essential features that you should keep in mind. If you are looking to adopt a cyber threat intelligence tool in 2022, make sure that it is:

Key Features of Cyber Threat Intelligence Tools


1. Data-driven

Cyber threat intelligence is built on a bedrock of data and analytics. The tool must collect information from multiple public, gated, and third-party sources to create a reliable repository of threat-related knowledge. When a malicious entity initiates an attack, it typically leaves behind a fingerprint or cyber threat indicator. A cyber threat intelligence tool must gather data on cyber threat indicators from around the world to power predictive and proactive defense. 

2. Flexible

The tool you choose must be sufficiently flexible to meet diverse use cases. For instance, it should connect with branch offices and distributed locations to give you centralized visibility. Or, you may want to integrate it with the internal security information and event management (SIEM) platform and check IT events against potential anomalies. Ideally, your cyber threat intelligence tool should be compatible with all major IT infrastructure and environments. 

3. External-focused

The primary difference between cyber threat intelligence tools and other types of vulnerability management software is that they are squarely focused on external threats. They may integrate with internal systems to aid in threat detection and response, but their key purpose is to scan external data feeds, repositories, and sources to document emerging threat types. This ensures that you stay protected against unfamiliar and zero-day attacks.

4. Comprehensive

Your cyber threat intelligence tool must provide complete protection across all devices, cloud and on-premise services, and network ports. To achieve this, it must scan massive volumes of external feeds that cover threat information from around the world – even the dark web, if that is a requirement at your organization. Typically, open source cyber threat intelligence feeds will enable access to publicly available information, while commercial tools aid in widespread discovery and deeper analysis. 

5. Extensible

The cyber threat intelligence tool must be easily extensible so that you can connect it with the rest of your cybersecurity landscape. Some tools focus on application programming interface (API) services so that you can embed a robust threat intelligence feed into a homegrown security app. Others may have a ready-to-use integration marketplace. Apart from this, it must co-exist with different environments, logging and compliance tools, and hardware variants to provide dynamically compatible intelligence and protection. 


Top 10 Cyber Threat Intelligence Tools in 2022

The global cyber threat intelligence market was valued at $392.2 million in 2020 and is expected to reach $981.8 million by 2023, as per Statista. There are several leading companies in this segment, and they can equip you with powerful tools to take on sophisticated threat variants. Here’s our list of the top 10 cyber threat intelligence tools to consider in 2022 (arranged in alphabetical order). 

Disclaimer: This list is based on publicly available information and may include vendor websites that sell exclusively to mid-to-large enterprises. Readers are advised to conduct their final research to ensure the best fit for their unique organizational needs.

1. Cisco Umbrella

Overview: Cisco is among the world’s largest security and networking solutions providers. Cisco Umbrella is a cloud-based solution that leverages threat intelligence to protect your endpoints, remote users, and office locations. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It extracts cross-product security data from the Cisco infrastructure and third-party sources. 
  • Flexible: It is available in multiple plans and packages that focus on cloud access, web security, and data loss prevention.
  • External-focused: It utilizes both external data and close internal monitoring to detect and isolate threats. 
  • Comprehensive: It offers end-to-end visibility and protection from phishing, malware, and ransomware attacks.
  • Extensible: You can gain from select APIs and native connectors. 

USP: Cisco Umbrella is built on the company’s SecureX offering, which is a consolidated platform for threat intelligence, detection, analysis, and response. This facilitates greater scalability through a unified cloud-native console. 

Pricing: Cisco Umbrella is available in multiple packages starting at $2.25 per user per month. 

Editorial comments: Cisco Umbrella is designed primarily for large, distributed organizations with potential blind spots in their security posture. Companies can choose this solution to protect against network-related attacks.

2. DeCYFIR 

Overview: DeCYFIR is a cyber threat intelligence tool from Singapore-based cybersecurity company CYFIRMA. It helps discover and decode threats directly from the locations where hackers operate. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It can discover signals, conduct threat analysis, and erase the noise to give you reliable data. 
  • Flexible: It offers a varied suite of analytics capabilities to meet different use cases, such as brand impersonation. 
  • External-focused: Not only does it detect external indicators, but it can also correlate external threats with existing vulnerabilities. 
  • Comprehensive: It provides a complete cyber threat intelligence solution through additional training and education. 
  • Extensible: It can be integrated with your existing infrastructure on request. 

USP: DeCYFIR enables situational awareness so that you can anticipate new attacks, unearth potential vulnerabilities, and predict threat impact. This also includes insights on cyber laws, regulations, and policies around the globe. 

Pricing: Pricing varies as per environment and requirements – for example, the all-in-one AWS implementation costs $20,000 per month.

Editorial comments: DeCYFIR provides threat intelligence as per six discrete pillars — attack surface discovery, vulnerability intelligence, brand intelligence, digital risk discovery and protection, situational awareness, and cyber intelligence. This makes it a better fit for large enterprises than small and mid-sized organizations. 

3. Echosec

Overview: Echosec is a Canadian company specializing in open-source intelligence (OSINT) tools. Its flagship platform leverages social media and dark web data to protect your enterprise. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: Echosec uncovers urgent and real-time risk information and can even extract data from the deep and dark web. 
  • Flexible: You can perform various activities using Echosec, from internal threat monitoring to ad-hoc dark web search. 
  • External-focused: It connects with numerous external data sources such as illicit forums, dark web marketplaces, and global security feeds. 
  • Comprehensive: It offers 24/7 monitoring and complete protection through pre-built data search filters. 
  • Extensible: It can co-exist with your other security tools and feed information to them directly. 

USP: Echosec is easy to use and provides actionable results in a matter of seconds. It claims to accelerate the generation of threat intelligence insights by 288%.  

Pricing: Pricing for Echosec is undisclosed. 

Editorial comments: Unlike several other solutions, Echosec is used by large and small organizations alike. You can also leverage its standalone API to strengthen existing InfoSec systems. 

4. GreyNoise 

Overview: GreyNoise is a U.S.-based cybersecurity startup that helps reduce false positives when analyzing threat intelligence information. It gathers information classified as noise, which may get missed by a security analyst. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It collects IP label data to delineate instances where security tools are saturated with noise. 
  • Flexible: GreyNoise insights are delivered through APIs and visualizers that can be adapted for multiple scenarios. 
  • External-focused: The tool only looks at internet-based data and public servers to find any instance of enterprise security compromise. 
  • Comprehensive: GreyNoise can highlight emerging threats, provide contextualized information, and find actionable alerts by scanning hundreds of thousands of IPs.
  • Extensible: It can be connected with virtually any IT system through APIs and integrations. 

USP: GreyNoise has a unique RIOT or Rule It Out capability that correlates user activity, business applications, and server data to add context to alerts. 

Pricing: Pricing starts at $25,000 per year, and a free Community edition is also available.

Editorial comments: GreyNoise maintains a dynamically updated threat intelligence database that you can leverage to monitor different types of attacks around the world.  This openly accessible database can be helpful to independent users. 

5. IntSights External Threat Protection (ETP) Suite

Overview: IntSights ETP Suite is a 360-degree cyber threat intelligence tool by the NASDAQ-traded cybersecurity company, Rapid7. It provides you with rich and actionable insights in 24 hours. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It collates data from clear, deep, and dark webs, external threat feeds, and custom research to reveal trends and power analysis. 
  • Flexible: It is extremely flexible and can adapt to use cases like phishing protection, brand security, fraud detection, and data leak detection. 
  • External-focused: It zeroes in on external channels like black markets and social media, including custom research. 
  • Comprehensive: It is a comprehensive tool that protects against all cyber risk types. 
  • Extensible: It can be integrated with enterprise systems through use-case-specific solutions or APIs. 

USP: IntSights ETP Suite is a global platform that supports all major languages, including German, Portuguese, Japanese, French, and others. This dramatically reduces the learning curve for IT teams seated in non-English-native regions. 

Pricing: Pricing for IntSights External Threat Protection (ETP) Suite is undisclosed, but you can access a free threat intelligence report. 

Editorial comments: IntSights can be deployed as an end-to-end suite or as separate modules for external intelligence, threat investigation, vulnerability risk analysis, and third-party analysis. The mode of deployment will depend on your precise enterprise needs. 


6. Luminar by Cognyte

Overview: Cognyte is a security analytics company that was formerly part of Verint Systems. Luminar is Cognyte’s cyber threat intelligence tool that makes it possible to run a proactive, research-backed cybersecurity strategy. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It monitors all corners of the web with continuous live updates and automated data harvesting. 
  • Flexible: You can customize Luminar’s dashboards, set up automated processes, and adapt the tool for your needs. 
  • External-focused: It converts external data on potential threats into actionable intelligence. 
  • Comprehensive: It covers multiple domains like financial crime or cyber-terrorism and can generate insights in 20+ languages.
  • Extensible: It integrates with your existing security ecosystem to send alerts, deliver updates, and form correlations.

USP: In addition to the above features, Luminar offers expertise in cutting-edge investigative analytics. You can leverage the solution for AI-based web investigations and blockchain security analytics. 

Pricing: Pricing for Luminar is undisclosed. 

Editorial comments: Luminar is typically deployed by public sector organizations and public utility sectors like telecom, owing to its expertise in financial crime and cyber terrorism. It benchmarks external threat data against your internal requirements to deliver the most relevant results.

7. Recorded Future

Overview: Recorded Future is a U.S.-based cybersecurity company that delivers predictive cyber threat intelligence. This also includes information on brand, SecOps, fraud, vulnerability, and geopolitical threats.

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It is built on the Intelligence Graph, a reference data set curated over 10+ years and continuously updated.
  • Flexible: It assesses threat indicators for various risks that your enterprise may face, and you can narrow down your search using advanced filters. 
  • External-focused: It considers multiple external threat signals to reveal any kind of risk you might encounter in the future. 
  • Comprehensive: It delivers a comprehensive and end-to-end view of the threat lifecycle from the attacker to midpoint to target.
  • Extensible: It connects with your SIEM and security orchestration, automation, and response (SOAR) and has a growing integration marketplace.

USP: Recorded Future aligns the insights as per specific job roles and risk areas, whether for third-party vendor assessment or brand integrity management. This significantly reduces noise and provides the right stakeholders with the most relevant threat intelligence results. 

Pricing: Pricing varies as per the implementation environment, starting at $10,000 for AWS.

Editorial comments: Recorded Future has accumulated a large repository of proprietary technical sources over the last 10 years. You can also gain from the Recorded Future mobile app. 

8. Threat Intelligence APIs

Overview: Threat Intelligence API is a collection of cyber threat intelligence integrations available at threatintelligence.com, a U.S.-based cybersecurity company. It is part of Whois API Inc.

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It connects with a vast group of web, mail, and nameservers to analyze and benchmark your organization. 
  • Flexible: This cyber threat intelligence tool is inherently flexible due to its API-based architecture. 
  • External-focused: It scans multiple threat data repositories and the company’s own collection of rich databases, built over several years. 
  • Comprehensive: It covers a wide spectrum of use cases, helping with the analysis of domain infrastructure, SSL certificates and configurations, domain reputation, and malware.
  • Extensible: The API architecture makes it infinitely extensible, and you can also gain from documentation and code samples. 

USP: Threat intelligence APIs utilize 120+ parameters and a wealth of information, including proprietary research, to generate in-depth analysis in seconds. It is among the very few cyber threat intelligence tools to operate as an API-only solution. 

Pricing: Pricing starts at $15 per month, along with a free (limited) plan. 

Editorial comments: Small and mid-sized organizations, independent developers, and startups can pick and choose the APIs they need to solve targeted security problems. It may not be ideal for large enterprises looking for a unified tool. 

9. ThreatFusion 

Overview: ThreatFusion is a cyber threat intelligence tool by U.S.-based cybersecurity company SOCRadar. It uses artificial intelligence and big data to assist in threat investigations. 

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It has a big data-powered module to discover real-time indicators and form accurate correlations. 
  • Flexible: It is highly flexible and agile so that you can receive accurate results from the dark web, third-party research, and other sources. 
  • External-focused: ThreatFusion includes the ThreatShare module, which collates external data from hacker chatter on social media and dark web communication channels. 
  • Comprehensive: Not only does it cover a sizable body of external threat knowledge, but it also auto-aggregates insights from weekly news. 
  • Extensible: You can extend the platform through API-ready feeds and connectors. 

USP: It is among the few cyber threat intelligence tools that protect against credential stuffing campaigns, a common threat tactic in the ecommerce and online services sector. It also pays special attention to advanced persistent threat (APT) groups. 

Pricing: ThreatFusion is available in Standard, Professional, Enterprise, and Premium editions, which are all custom priced. 

Editorial comments: ThreatFusion equips you with detailed information in an easy-to-consume snapshot format – ideal for small teams. Larger organizations use ThreatFusion alongside SOCRadar’s other offerings like RiskPrime and AttackMapper. 

10. ZeroFox

Overview: ZeroFox is a U.S.-based company that offers security intelligence to prevent phishing, impersonations, malicious domains, and data leakage. It recently announced its plans to become a publicly traded company.

Key features: The key features of this cyber threat intelligence tool include:

  • Data-driven: It monitors the dark web for ransomware and data leakage chatter, coupled with expert intelligence feeds. 
  • Flexible: It provides flexibility by combining artificial intelligence with human intelligence to analyze every threat. 
  • External-focused: ZeroFox is designed solely for external threat protection, protecting your brand and senior executives from malicious attacks. 
  • Comprehensive: It provides complete protection by helping to eliminate hackers through Adversary Disruption and Takedown-as-a-Service.
  • Extensible: ZeroFox has an impressive integration library covering all popular IT tools. 

USP: ZeroFox offers the unique ability to block attackers by dismantling their infrastructure with its huge partner network. It finds and takes down unwanted content posted via malicious profiles and works on your organization’s behalf to automate the process. 

Pricing: Pricing for ZeroFox is undisclosed. 

Editorial comments: ZeroFox’s app library is among the most expansive in the market. Companies that want a quick deployment process powered by pre-built connectors should explore this tool. 


Product Comparison of the Best Cyber Threat Intelligence Tools in 2022

Here are the key highlights of the above cyber threat intelligence tools:

| Tool | Overview | USP | Pricing |
| --- | --- | --- | --- |
| Cisco Umbrella | It is a cloud-based solution that leverages threat intelligence to protect endpoints, remote users, and office locations. | It is built on SecureX, which facilitates greater scalability through a unified cloud-native console. | It is available in multiple packages starting at $2.25 per user per month. |
| DeCYFIR | It is a cyber threat intelligence tool from Singapore-based CYFIRMA that decodes threats directly from the locations where hackers operate. | It enables situational awareness to anticipate attacks based on current cyber laws, regulations, and policies around the globe. | Pricing is variable; all-in-one AWS implementation costs $20,000 per month. |
| Echosec | It is a Canadian company that leverages social media and dark web data to protect your enterprise. | It is easy to use and claims to accelerate the generation of threat intelligence insights by 288%. | Pricing is undisclosed. |
| GreyNoise | It is a cybersecurity startup that reduces false positives by gathering information classified as noise to be safely ignored. | It has a RIOT or Rule It Out capability that correlates user activity, business applications, and server data to add context to alerts. | Pricing starts at $25,000 per year, and a free Community edition is also available. |
| IntSights ETP Suite | It is a 360-degree tool that provides you with rich and actionable insights in 24 hours. | It supports all major languages like German, Portuguese, Japanese, French, etc., reducing the learning curve for IT teams in non-English-native regions. | Pricing is undisclosed. |
| Luminar by Cognyte | It is a cyber threat intelligence tool (formerly part of Verint Systems) that makes it possible to run a proactive, research-backed cybersecurity strategy. | It offers expertise in cutting-edge investigative analytics, such as AI-based web investigations and blockchain security analytics. | Pricing is undisclosed. |
| Recorded Future | It is a U.S.-based cybersecurity company that delivers predictive intelligence on cyber, brand, SecOps, fraud, vulnerability, and geopolitical threats. | It aligns insights as per job roles – e.g., for third-party vendor assessment or brand integrity management. | Pricing varies as per the implementation environment, starting at $10,000 for AWS. |
| Threat Intelligence APIs | It is a set of cyber threat intelligence integrations by threatintelligence.com, part of U.S.-based Whois API Inc. | It utilizes 120+ parameters for in-depth analyses and is among the very few cyber threat intelligence tools to operate as an API-only solution. | Pricing starts at $15 per month, and there is a free (limited) plan. |
| ThreatFusion | It is a cyber threat intelligence tool by U.S.-based SOCRadar that uses AI and big data. | It protects against credential stuffing campaigns and pays special attention to advanced persistent threat (APT) groups. | It is available in Standard, Professional, Enterprise, and Premium editions (custom pricing). |
| ZeroFox | It is a U.S.-based company that helps prevent phishing, impersonations, malicious domains, and data leakage. | It blocks attackers by dismantling their infrastructure and takes down unwanted content by working on your organization’s behalf. | Pricing is undisclosed. |

Key takeaways

2022 will be an important year for cyber threat intelligence. As per the 2021 SANS survey, the biggest inhibitor to cyber threat intelligence utilization was the lack of in-house skills. The tools discussed in this article make actionable insights available to InfoSec teams without requiring rigorous training or complex setup and configuration. Next-gen cyber threat intelligence tools like these are essential to improve enterprise resilience and protect against external (in addition to internal) attacks. 

Do you agree that scanning external sources is as important as checking for internal vulnerabilities? Tell us on LinkedIn, Twitter, or Facebook. We would love to hear from you!


Chiradeep BasuMallick
Chiradeep is a content marketing professional, a startup incubator, and a tech journalism specialist. He has over 11 years of experience in mainline advertising, marketing communications, corporate communications, and content marketing. He has worked with a number of global majors and Indian MNCs, and currently manages his content marketing startup based out of Kolkata, India. He writes extensively on areas such as IT, BFSI, healthcare, manufacturing, hospitality, and financial analysis & stock markets. He studied literature, has a degree in public relations and is an independent contributor for several leading publications.