What is our primary use case?
We use ThreatBook to monitor the east-west and north-south network traffic and detect abnormal behaviors and provide contextual intelligence to support our threat hunting and incident response.
ThreatBook helps with threat hunting and incident response by providing very high accurate threat intelligence, aggregating all the alerts from attacker perspectives, and showing all the attack paths, which helped us easily do the attribution and threat investigation.
ThreatBook has very low false positives, allowing us to focus on the real threats and reduce a lot of work on noise reduction.
We purchased ThreatBook through the AWS Marketplace.
How has it helped my organization?
ThreatBook has positively impacted our organization by allowing us to detect all alerts and threats effectively. In the past, we needed to search logs from various sources, including terminals, DI servers, and firewalls, collecting a lot of logs and searching the internet for contextual information about threat actors. After using ThreatBook TDP, all alerts and contexts are easily displayed on the dashboard, making it very helpful for us.
During the incident response scenario, ThreatBook saves us over 80% of the time for each incident. We usually took about one day or two days for attribution and understanding how the attacker attacked us, but after using ThreatBook TDP, we usually take around one or two hours to finish all these tasks. Additionally, their AI techniques save a lot of time, allowing me to ask in natural language for explanations about the meaning and target of the attacker.
What is most valuable?
The most useful feature that ThreatBook offers is compromise detection, as it directly shows the number of compromised hosts on the dashboard so we can quickly identify which devices have been compromised. Another valuable feature is the intelligent aggregation.
The intelligent aggregation feature can gather all the alerts into incidents and show the attack paths and attack timeline from threat actor perspectives, providing a clear picture of the attack and how it occurred. This is really helpful for our threat hunting.
What needs improvement?
To improve ThreatBook, it would be great if TDP could integrate with our ITSM system to streamline tasks and incident management, which I hope will be provided in the future.
I chose a rating of nine to 9.5 instead of a perfect ten because while everything is perfect, we use an ITSM system, and it would be better if TDP could integrate with that system.
For how long have I used the solution?
I have been using ThreatBook TDP for nearly three years.
What do I think about the stability of the solution?
ThreatBook is totally stable.
What do I think about the scalability of the solution?
ThreatBook's scalability supports cluster mode and cascade mode, making it quite easy for us to manage since we have many offices in different regions.
How are customer service and support?
Their customer success team is excellent, and the engineers understand both the product and our network environment as well as our operational requirements, hence it's excellent.
I would rate the customer support absolutely as ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We did not use any dedicated NDR solution before ThreatBook, but we conducted a lot of research and compared several NDR vendors prior to purchasing.
How was the initial setup?
The initial setup with ThreatBook is very easy with no issues arising.
ThreatBook integrates well with other AWS services we use, working smoothly with our existing AWS infrastructure.
What about the implementation team?
The configuration process requires almost nothing to be configured after the first setup, and the ThreatBook implementation team helped us fine-tune the detection rules based on our environment, so nearly nothing is done from our side.
What was our ROI?
We’ve seen strong ROI through reduced incident response times, increased threat visibility, and less time wasted on false positives.
What's my experience with pricing, setup cost, and licensing?
The procurement process is easy because it operates on a subscription model; when I need it, I just pay for it.
The metering and billing experience is clear and straightforward, with the bill being very clear, showing no extra fees, and all costs displayed on the bills.
The pricing is a little bit high for the NDR market, but it is absolutely worth it given the high quality capabilities, and the licensing is flexible as I can pay based on my requirements.
Which other solutions did I evaluate?
We evaluated some NDR solutions such as ExtraHop, Darktrace, and Cyber Command.
What other advice do I have?
We are just customers and do not have any business relationship with the vendor other than that. I was not offered a gift card or incentive for this review.
I think if you have never used an NDR solution, it's very important to choose a low false positive and high accuracy NDR solution. I want to emphasize that ThreatBook TDP is the best choice for you, and you can trust it.
My overall rating for ThreatBook is nine to 9.5 out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
