Threat Intelligence Ecosystem
Threats are dynamic and attack vectors change constantly. Respond quickly and minimize damage by using the rich external context enabled by threat intelligence. Immediately know about dangerous IP addresses, files, processes, and other risks in your environment.
LogRhythm seamlessly incorporates threat intelligence from STIX/TAXII-compliant providers, commercial and open source feeds, and internal honeypots, all via an integrated threat intelligence ecosystem. The platform uses this data to reduce false-positives, detect hidden threats, and prioritize your most concerning alarms.
Threat Intelligence Standards
STIX (Structured Threat Information eXpression) is a language for describing cyber threat information in a standardized and structured manner. The Trusted Automated Exchange of Indicator Information (TAXII) provides a trusted, automated exchange of cyber threat information captured in STIX format. These are part of an open, community-driven effort and offer free specifications to help automate the exchange of cyber threat information. LogRhythm provides the ability to add custom STIX/TAXII compliant providers, such as Soltra Edge, enabling organizations that participate in industry-specific or government-led trusted exchanges to easily incorporate threat intelligence into LogRhythm.
Commercial Threat Intelligence Feeds
Anomali makes it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.
Cisco AMP Threat Grid combines static and dynamic malware analysis with threat intelligence into one unified solution. You get timely, in-depth information you need to protect your business from malware of all types. It integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies, protecting you from both known and unknown attacks.
CrowdStrike stops breaches by preventing and responding to all types of attacks—both malware and malware-free. CrowdStrike has revolutionized endpoint protection by combining three crucial elements: next-generation AV, endpoint detection and response (EDR), and a 24/7 managed hunting service, all powered by intelligence and uniquely delivered via the cloud in an integrated solution.
Recorded Future arms you with real-time threat intelligence so you can proactively defend your organization against cyber attacks. Its patented Web Intelligence Engine continuously analyzes the entire Web, giving you unmatched insight into emerging threats. Recorded Future helps protect four of the top five companies in the world.
Symantec DeepSight Intelligence provides actionable data about malicious activity sources, emerging threats, and vulnerabilities. DeepSight Intelligence data feeds are derived from proprietary analysis of billions of events from the Symantec Global Intelligence Network. This intelligence can reduce exposure to threats, allowing businesses to act appropriately and quickly, preventing security incidents before they happen.
Webroot® is the market leader in cloud delivered security software as a service (SaaS) solutions for consumers, businesses and enterprises. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud security intelligence platform, and its SecureAnywhere suite of security products for endpoints, mobile devices and corporate networks.
Open Source Threat Intelligence
Want to leverage open source threat feeds? LogRhythm helps you rapidly incorporate threat intelligence from several open source providers:
- HailaTaxii Open Source Feed
- Malware Domains
- TOR Network