Anomali ThreatStream vs. EclecticIQ Platform

Overview
Anomali ThreatStream
Rating: Score 6.4 out of 10
Most Used By: N/A
Product Summary: A solution to operationalize actionable data and insights to secure any organization. Anomali ThreatStream provides curated access to a global repository of threat intelligence, delivering enrichment, contextualization, and detection of known and emerging threats.
Starting Price: N/A

EclecticIQ Platform
Rating: Score 9.0 out of 10
Most Used By: N/A
Product Summary: EclecticIQ Platform is an analyst-centric Threat Intelligence Platform (TIP). The vendor says it is optimized for the collection of intelligence data from open sources, commercial suppliers and industry partnerships into a single collaborative analyst workbench. EclecticIQ Platform aims to eliminate the manual and repetitive work involved with processing multiple intelligence feeds. According to the vendor, this means analysts can focus on identifying the most critical threats, take timely…
Starting Price: $0
Pricing
Editions & Modules
Anomali ThreatStream: No answers on this topic
EclecticIQ Platform:
  • EclecticIQ Platform on-premise: $0.00
  • EclecticIQ Platform hybrid: $0.00
  • EclecticIQ Platform hosted: $0.00
Offerings
Pricing Offerings
  • Free Trial: No (Anomali ThreatStream); No (EclecticIQ Platform)
  • Free/Freemium Version: No (Anomali ThreatStream); No (EclecticIQ Platform)
  • Premium Consulting/Integration Services: No (Anomali ThreatStream); No (EclecticIQ Platform)
  • Entry-level Setup Fee: No setup fee (Anomali ThreatStream); Optional (EclecticIQ Platform)
Community Pulse
User Ratings
Likelihood to Recommend
Anomali ThreatStream: 8.9 (0 ratings)
EclecticIQ Platform: 9.0 (0 ratings)
User Testimonials
Likelihood to Recommend
Anomali ThreatStream:
Parsing is useful information into other tools but can be a hit or miss depending on the tool. In regards to the quality of data, there is room for improvement as there is a constant growth of attackers and their techniques. Anomali ThreatStream does well for larger organizations to use in tandem with other security suites.
EclecticIQ Platform:
EclecticIQ has an architecture where it usually needs decent computing power within the organisation. The central console along with the ELK servers and PostgreSQL server needs their own space in a distributed setup. This could be a little too expensive for small-scale organisations. But for the organizations having mid to large-scale networks, EIQ is a decent solution to serve the purpose.
Pros
Anomali ThreatStream:
  • Indicators of Compromise
  • Signatures
  • Community Sharing
EclecticIQ Platform:
  • Effective correlation of IOCs
  • Averaging out the Confidence Score based on different intel sources.
  • Serves as an excellent liaison point between the Intels and SIEM/SOAR stack.
Cons
Anomali ThreatStream:
  • The user interface, perhaps there is some room for improvement although it is good already.
  • Confidence assigning process for IOCs needs to be more robust and transparent.
  • While integration with SIEM solutions is a cakewalk, there is definitely added value if SIGMA rule conversion and YARA rule creation are provided from the platform.
EclecticIQ Platform:
  • Misses on a global search bar which can directly give out the result like VirusTotal.
  • The GUI could be friendlier. Too many filters and graphs may overwhelm the user sometimes.
  • The ElasticSearch (searching for IOC in the in-house EIQ database) is a little slow compared to its counterparts.
Alternatives Considered
Anomali ThreatStream:
I think they both have their own pros and cons. However, I like Anomali ThreatStream better because of its strong local presence in MENA market which renders great support from the vendor during needy times. I have also figured out that IOC integration with SIEM solutions is fairly easy and straightforward with Anomali ThreatStream.
EclecticIQ Platform:
The most important feature of EclecticIQ which gives it an edge compared to other TIPs is that it performs segregation of IOCs based on the relevance of it and the links that IOCs might have with other adversaries. The graphical format mapping where the user can easily figure out how the IOCs have connections to different binaries is another advantage. One can set the half-life time for an IOC which will reduce the confidence score as per one's need.
Return on Investment
Anomali ThreatStream:
  • We have seen a positive ROI as the security monitoring is taken to the next level when it is augmented with threat intel data that Anomali provides.
  • Our customers are very satisfied with the periodic threat reports that we send, which are created using Anomali ThreatStream.
  • The overall business objectives are met as Threat Intel is one of the most important pillars when it comes to providing security services, and we use Anomali ThreatStream extensively for that.
EclecticIQ Platform:
  • Positive: Effective usage of all the premium Intels in a uniform fashion. No need to log in to each tool time and again.
  • Positive: SOC analysts spend less time on the internet and the analysis for the IOCs with graphical format is fulfilled by EclecticIQ.
  • Negative: Higher costs over the resource utilization in the initial setup.