Threat Intelligence Software: Top Products of 2020

    The threat landscape is constantly changing. It’s easy for businesses to fall victim to new cybersecurity threats if they aren’t keeping up to date with new malware and scam tactics. Luckily, threat intelligence software provides information on new threats and system vulnerabilities as they relate to networks, endpoints, and infrastructure.

    To find the right threat intelligence software for your business, you need a platform with information on emerging cybersecurity threats. It should also include details on how to prevent or resolve these issues on different types of networks and devices. Finally, you’ll want to be able to integrate your threat intelligence software with other tools like security information and event management (SIEM) and endpoint detection and response (EDR). To make your search easier, we’ve provided a list of the top eight threat intelligence products for 2020.

    Table of contents

    1. Cisco Threat Grid
    2. FortiGate NGFW
    3. SIRP
    4. Palo Alto Networks AutoFocus
    5. CrowdStrike Falcon
    6. IBM X-Force Exchange
    7. SolarWinds MSP Risk Intelligence
    8. ThreatConnect

    Cisco Threat Grid

    Cisco Threat Grid provides intel to help companies proactively defend against cybersecurity threats. The system also reduces investigation time and makes recovery easier when attacks do happen. Threat Grid is an on-premises application designed for companies that have restrictions on sending malware samples into the cloud. It provides threat intelligence for both perimeter and endpoint security.

    Threat Grid also offers advanced search capabilities, allowing users to find information on historical malware attacks and indicators. With this historical knowledge, IT teams will have more insight on what to look for in future attacks. The system also includes threat scores, so cybersecurity teams know which threats to prioritize.

    Key benefits

    • Up-to-date knowledge base of malware and behavioral indicators
    • Real-time identification of attack type
    • Integrates with other security software through API
    • Easy deployment

    Main drawbacks

    • Expensive licenses
    • Patches and updates require users to restart the system
    • Requires on-premises server space

    FortiGate NGFW

    FortiGate NGFW protects organizations from cybersecurity attacks by filtering both internal and external network traffic. This system identifies malware and other attacks to keep them out of the network. FortiGate examines traffic in real time to prevent malware from creeping onto the network without slowing the user experience or causing costly downtime.

    FortiGate NGFW has a range of models available to meet the needs of any size company. The system focuses on edge security and provides full visibility into potential threats. Not only does FortiGate block malware, but it also has the flexibility to adapt as the threat landscape changes.

    Key benefits

    • Real-time scanning
    • Easy deployment and integration
    • AI-powered security services
    • Intuitive UI

    Main drawbacks

    • Not mobile-friendly
    • New versions have frequent bugs
    • UTM licenses are expensive and cost extra


    SIRP

    SIRP collects cybersecurity data from all of your different platforms and organizes it all in one place. The data is then placed into separate containers depending on its type. Incidents, threat intelligence, and vulnerabilities are all placed into their own buckets, so it’s easy to find the information you need. The system provides complete visibility into your network and gives users all the information they need to protect it.

    SIRP combines context with the data it collects to give each incident a threat score, so your IT team can prioritize which issues to tackle first. The system also automates parts of your security processes to keep your IT team free to handle larger concerns. SIRP also encourages team collaboration with shared workflow and case management functionalities. Finally, it provides operational metrics, so you can keep track of how your security team is performing.

    Key benefits

    • Helpful and responsive customer support
    • Automation reduces IT operating costs
    • Centralized platform for threat intelligence, risk management, and vulnerability management
    • Modular architecture, so companies can pick what they need

    Main drawbacks

    • Some integrations and customizations require work from the support team
    • Steep learning curve for beginners
    • The playbooks aren’t as robust as some customers would like

    Palo Alto Networks AutoFocus

    AutoFocus from Palo Alto Networks offers a huge repository of crowdsourced threat intelligence to prepare IT teams for potential threats. This threat intelligence is enriched further with context from Unit 42, a recognized authority on cyberthreats. The robust search features make it easy to research and analyze threats, allowing your IT team to search billions of samples and trillions of artifacts.

    AutoFocus lets you customize your dashboards, reports, and alerts to ensure you’re only getting the data you need. The system contains intel on millions of vulnerabilities for high levels of threat prevention. While some platforms combine threat intelligence and other cybersecurity tools, AutoFocus is solely dedicated to threat intelligence and helping IT teams prevent attacks.

    Key benefits

    • Detailed, customizable dashboards
    • Complete threat visibility
    • More efficient investigations
    • Advanced network breakdowns

    Main drawbacks

    • Only offers threat intelligence. Some companies might want tools that offer more.
    • Can be difficult to track false positives
    • Price is slightly high compared to similar tools

    CrowdStrike Falcon

    CrowdStrike Falcon is an endpoint protection program that combines antivirus, threat intelligence, device control, and firewall control in even the most basic package. It is a cloud-based, modular platform that allows customers to build an endpoint security system that meets their needs. Modules can be purchased either alone or as part of a larger bundle.

    CrowdStrike Falcon uses different facets of security to help IT teams prevent and stop breaches before they can become larger issues. The threat intelligence tool combines automated analysis with human intelligence, so security teams can stay ahead of attackers by predicting their next move. The basic level automatically investigates incidents and initiates response protocols.

    Key benefits

    • Only pay for the modules you need
    • Fast detection engine
    • Detailed threat database
    • Thorough breakdown of incidents

    Main drawbacks

    • Backend support is not as helpful as some customers would like
    • Price is per endpoint, which could be prohibitive for some businesses
    • Not all machine types are supported

    IBM X-Force Exchange

    IBM X-Force Exchange not only provides threat intelligence from industry experts, but it also allows you to collaborate with peers to get the best information from a variety of sources. The cloud-based system provides security research assets to help IT teams better understand emerging threats and security risks. Analyze threats and make decisions in near real time.

    Using X-Force Exchange, IT teams can quickly research the latest threats and ensure their networks are fortified against them. With both human and machine-generated intelligence, cybersecurity teams get the best intel to protect against attacks. There are several packages available, so businesses can get the level of security they need.

    Key benefits

    • Simple user interface
    • Access to a large amount of threat intelligence data
    • Respects ISO compliance
    • Integrates well with other IBM products for a full IT suite

    Main drawbacks

    • Intel can be very general and not detailed enough to be actionable
    • Needs more context
    • AI capabilities are not as robust as some customers would like

    SolarWinds MSP Risk Intelligence

    SolarWinds MSP is mainly geared towards managed service providers (MSPs) to help them assess their clients’ networks. The system assigns values to data vulnerabilities to show how likely a breach is and how much it could cost a company. It also prioritizes vulnerabilities, so you know where to start fortifying a network.

    While SolarWinds MSP Risk Intelligence is designed for MSPs, internal IT teams can benefit from the intel as well. The permissions discovery feature ensures that only authorized users can access sensitive information. With vulnerability scanning, you can find the holes in your network and learn the best ways to patch them to protect against emerging threats.

    Key benefits

    • Gives a clear view of breach risks
    • Applies standard monetary figures to unprotected data to give an idea of what a breach of that data could cost the company
    • Antivirus provides real-time protection
    • Backup and recovery options provide protection against ransomware

    Main drawbacks

    • The system sometimes has problems with certain hardware and software combinations
    • Risk isn’t broken down by industry
    • The system sometimes times out on large networks and has to restart


    ThreatConnect

    ThreatConnect unites threat intelligence, security orchestration and response, and cyber risk quantification all in one platform. The system aligns security protocols to the business, rather than taking a one-size-fits-all approach. It streamlines processes and breaks down obstacles between teams to optimize cybersecurity. ThreatConnect also uses risk reduction as a way to measure your IT team’s efforts.

    IT security teams use ThreatConnect to simplify their jobs. The system provides a detailed view into threats for quicker assessments and streamlined processes. It aligns strategic and operational goals to help security teams prioritize the most important vulnerabilities. Additionally, the threat intelligence database allows your company to continually increase defenses and protect against emerging threats.

    Key benefits

    • Advanced features and API make security teams more efficient
    • Playbooks allow for significant automations
    • Helpful and responsive customer service team
    • Easy to keep incidents and indicators organized

    Main drawbacks

    • The user interface isn’t streamlined, and it sometimes takes multiple clicks to get somewhere
    • Some glitches freeze the system and require a restart
    • Some users would like a way to score data from proprietary sources

    Choosing a threat intelligence platform

    As you can see, not all threat intelligence platforms are created equal. When choosing the right security software for your business, it’s important to decide whether you’re only looking for threat intelligence or you’d like a platform with other offerings, like antivirus or endpoint protection. No matter what you’re looking for, threat intelligence can help you keep your data safe as the threat landscape evolves.

    Jenn Fulmer
    Jenn Fulmer is a writer for TechnologyAdvice, IT Business Edge, Channel Insider, and eSecurity Planet currently based in Lexington, KY. Using detailed, research-based content, she aims to help businesses find the technology they need to maximize their success and protect their data.
