Group-IB Threat Intelligence offers strategic insights for financial institutions, enhancing threat detection and response capabilities through advanced features such as sandbox and site intelligence, effectively aiding in security operations.
| Product | Mindshare (%) |
|---|---|
| Group-IB Threat Intelligence | 1.9% |
| Recorded Future | 6.7% |
| CrowdStrike Falcon | 4.5% |
| Other | 86.9% |
Group-IB Threat Intelligence plays a crucial role in protecting tier-one banks in Indonesia against cyber incidents. It leverages strategic, operational, and technical intelligence to support threat hunting, incident response, and vulnerability management. Equipped with capabilities for continuous assessment of compromise activity and strategic threat forecasting, it integrates with internal systems via STIX, TAXII, or an API. However, reviewers note that its integration with SIEM and SOAR systems could be improved, for instance through middleware that manages multiple integration points, and that its OT security and dark web intelligence could be strengthened for better industry alignment.
What are the key features of Group-IB Threat Intelligence?
Group-IB Threat Intelligence is widely implemented in the financial sector, particularly among tier-one banks in Indonesia. Its integration capabilities via STIX, TAXII, or APIs let organizations feed its intelligence into their existing cybersecurity frameworks. Reviewers use it to prioritize investment in key cybersecurity technologies, and benefit from strategic threat forecasting and enhanced response mechanisms.
| Author info | Rating | Review Summary |
|---|---|---|
| CTI & Threat Hunter at Telecom Egypt | 4.0 | I use Group-IB Threat Intelligence for threat hunting, incident response, and vulnerability management. Its site intelligence feature is valuable for tracking threat actors and analyzing TTPs, though its dark web intelligence could be improved compared to other solutions. |
| Managing Partner at INTEGRISEC CONSULTING | 4.5 | I use Group-IB Threat Intelligence to build strategic threat forecasts, valuing its comprehensive reports on emerging threats. While it excels in specificity compared to other solutions like CrowdStrike, it could improve by better aligning details with the MITRE ATT&CK framework. |
| Team Lead Threat Intelligence at First Bank of Nigeria Ltd. | 4.0 | I find Group-IB Threat Intelligence essential for defending against cyber incidents, primarily because of its effective sandbox feature. However, there's room for improvement in integrating with SIEM and SOAR solutions, which could enhance its overall performance. |
| CTO at systema | 5.0 | I value Group-IB Threat Intelligence for its strong detection, stability, and responsive support, providing high ROI. However, I note its complex integration, high cost for some, and absence of on-premise options as areas for improvement. |
| Chief Cyber Security Officer at a tech services company with 1,001-5,000 employees | 4.5 | I recommend Group-IB Threat Intelligence. Its threat activation is excellent, setup easy, and support good. While costly, it offers value and stability. I feel its OT security could improve. |

We use Group-IB Threat Intelligence to help us with threat hunting, incident response, and vulnerability management.
We have found the site intelligence features to be the most valuable. We are able to use these features to track threat actors and analyze their tactics, techniques, and procedures (TTPs).
The dark web intelligence could be improved. It is not as good as the intelligence from other solutions.
I have about four months of experience with this solution. We use its XDR and Set Intelligence solutions.
We work with the latest version of Group-IB XDR. We are also using the cloud-based version of Set Intelligence.
I would rate the stability of Group-IB Threat Intelligence as a ten. It is very stable.
I would rate the scalability of Group-IB Threat Intelligence as a ten. It is very scalable.
About ten users are using Group-IB Threat Intelligence in our company. It is used daily in our organization.
It is very good.
Positive
We switched to Group-IB Threat Intelligence because it is better than the other solutions we evaluated.
I would rate my experience with the initial setup as a ten. It was very easy to set up.
It is a proof of concept (POC), so we have not deployed it for production yet.
I would rate Group-IB Threat Intelligence as an eight out of ten. It is a very good solution.

I used it to build the strategic threat forecast, the annual forecast for clients.
We did use it for threat detection, but not directly. I analyze multiple reports, including this one, and assess my client's infrastructure. I identify threats outlined in the reports that may be relevant to the client's infrastructure, and then I help them build detection use cases.
There's no automation. We don't do anything automatically at this point. It's all manual and based on analysis. I can't integrate it into automatic feeds because the report outlines threats that may not be relevant to the client's infrastructure. So, I do the analysis and integrate it manually.
I'm completely satisfied with the way the report is prepared. It's a good report.
The totality of the recordings is quite important. The networks, the new threat actors, the new methods, tactics, techniques, and procedures. The most important is the forecast. It's how the reports depict what's coming.
As the landscape evolves, they could provide a little more detail or specificity to map it to the MITRE ATT&CK framework. Even though it is done in the report, it could be done better.
I used it for four years, since 2020. But recently, I stopped using it.
I would rate the stability a nine out of ten. Ten means outstanding, so I don't give ten for anything.
There is always some room for improvement, but I have had no big issues or troubles with stability.
I would rate the scalability a nine out of ten. It is quite good. I would recommend it for medium and large-sized companies.
I wouldn't recommend it for small companies because their infrastructure is not large enough.
I never needed it.
I find it more relevant than others. Some reports are vague or irrelevant with too much information.
For example, I use CrowdStrike and some other vendors, but I think Group-IB's report is more specific. I am happy with the report.
The initial setup is straightforward. I had no issues with that.
The pricing is alright. It's right on the mark. It costs money, but it's not too high. It's reasonable.
For me, it's a reasonable price for the quality of the product.
Overall, I would rate the solution a nine out of ten.
I would recommend using it.

The solution acts as a defense against cyber incidents.
The tool's most valuable feature is the sandbox.
Group-IB Threat Intelligence should improve integration for SIEM and SOAR solutions.
I have been using the solution for four years.
Group-IB Threat Intelligence is very stable. I rate it a nine out of ten.
We have an enterprise license and unlimited scalability. My company has 10 users.
The tool's deployment is easy. I rate it an eight out of ten. The deployment took a day to complete. You need to feed the public IPs to get whitelisted.
Group-IB Threat Intelligence's pricing is reasonable.
I rate the tool an eight out of ten.
Our primary clients for this solution are tier-one banks in Indonesia. Group-IB Threat Intelligence is very useful for at least three major use cases: strategic intelligence, operational intelligence, and technical intelligence. Our customers use Group-IB Threat Intelligence to base their investment on key technologies and invest in cybersecurity. And from the technical and operational standpoint, we streamline Threat Intelligence. We do this by conducting a continuous assessment of compromise activity in the organization, as well as maintaining the relevant prevention procedures against the adversaries targeting the banks. Threat Intelligence comes in a SaaS version. The only part that requires integration with their internal systems is whenever we want to process the data via STIX, TAXII, or a certain API connected directly to the Threat Intelligence SaaS platform.
The most valuable Group-IB Threat Intelligence features are their detections, especially in terms of account and card information leakage. This data sets Group-IB apart from some of the competition. This data is especially powerful for banks as it helps them understand their fraud activity, employee, and card information procedures better. They also have a powerful life graph system, which provides the customer with full global threat hunting capabilities. They can actually see their whole Internet infrastructure's fingerprint and can map it against the adversary infrastructures.
When implementing Threat Intelligence effectively, the customer can benefit from decreasing their security operations and can focus on precisely which target is attacking their environment. This saves operational effort, as well as preventing the cyber incidents that can impact them the most.
Some clients request a Threat Intelligence Platform, which requires Group-IB Threat Intelligence to integrate with it. Group-IB Threat Intelligence can be integrated directly with the client's internal cybersecurity systems via API and the STIX protocol.
However, managing multiple integrations with different security systems is very complicated. An integration middleware, installed on the client's premises, might be a solution to manage the different integration points.
I have three years of experience with Group-IB Threat Intelligence.
Performance-wise, we have never experienced any downtime on the Threat Intelligence portal. They provided us with two versions of the portals. Essentially we have two systems running in parallel. This increases availability. If one portal is not accessible, we can use the other newer version of the portal.
The scalability is very good. All data – which often includes years and years of historical data – can be kept on a single platform and is accessible to the customer with a few clicks.
The technical support for this solution is very, very responsive. They help me a lot with setting up evaluation instances for potential clients, for example. Also, whenever we saw potential issues on the dashboard, which happened very rarely, they responded within one to two hours. They have coverage for the Southeast Asian time zone. Their support will respond even after office hours. This gives me extensive tech support around the clock.
Overall, the implementation of the solution is divided into two big processes. The first one is the activation of Threat Intelligence. Typically, the activation doesn't take more than 24 hours. That means within the next day, the customer will already be onboarded on the intelligence platform. The SaaS model has been proven to work very well in a lot of multi-tenancy scenarios. So basically, once customers are onboarded, they can directly access the portal and the data will be aggregated in parallel. Now, the second big process that we see in the implementation is the integration with their SIEM or SOC platforms, as well as the existing security control systems, such as the next-gen firewall, IPS, or endpoint solutions. This is quite complicated, notably because we have to understand the customer environment. Also, a lot of these processes rely on the majority of those existing security controls that are in place in the organization. Because of this, integration can take a long time, a month or two in some cases, depending on the scale, complexity, and the solution that we are integrating.
The cost of the solution versus the cost of an incident that may have been prevented with it shows a very high ROI. Customers that subscribe to Threat Intelligence can easily prevent an incident that may cost them three to four times the subscription value. For example, if they subscribe for 100 days, they may easily prevent an incident that could cost them at least $300,000 to $400,000 per incident.
The pricing is considerably high. They should lower it if they want to cover a larger section of the market. On the other hand, their current pricing is actually suitable for major banks.
Their licensing is very straightforward. They have a single subscription model. Customers will never encounter any hidden licensing fees because everything is provided in the subscription package. Procurement is straightforward as well.
Threat Intelligence is only usable if you can process the data it provides you with and streamline it into your security operations. If you're not integrating Threat Intelligence into existing cybersecurity controls, you will be overwhelmed with the amount of information that needs to be taken into account.
The first thing I would suggest is to assess how your security operations are being managed right now. This will help you increase your return on investment and the impact of the solution.
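
The point made in the review above, that threat intelligence is only usable once you can process what it gives you into your security operations, is easiest to see in code. The following is an added example, not Group-IB's code and not part of the original page: it parses a constructed STIX 2.1 indicator bundle (the shape a TAXII poll or API export returns), drops revoked, expired, and low-confidence indicators, builds a lookup table, and runs it over constructed log lines. The bundle contents, indicator IDs, the hash, and the log lines are all made up for the example; the IP addresses are RFC 5737 documentation ranges.

```python
"""Consume a STIX 2.1 indicator bundle and match it against log lines.

Added example, not Group-IB code. Bundle, indicator IDs, hash and log lines
are constructed; the IP addresses are RFC 5737 documentation ranges.
"""
import json
import re
from datetime import datetime, timezone

# STIX comparison expressions this example understands; anything else is skipped.
PATTERN_RE = re.compile(
    r"\[\s*(ipv4-addr:value|domain-name:value|file:hashes\.'SHA-256')"
    r"\s*=\s*'([^']+)'\s*\]")
KIND_BY_KEY = {"ipv4-addr:value": "ipv4", "domain-name:value": "domain",
               "file:hashes.'SHA-256'": "sha256"}
TOKEN_SPLIT = re.compile(r"[\s=,;\"'()\[\]]+")   # whitespace and key=value punctuation
FAKE_SHA256 = "0123456789abcdef" * 4               # constructed hash, 64 hex chars
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)   # fixed clock for reproducibility

def _indicator(n, pattern, confidence, **extra):
    """Build one constructed STIX 2.1 indicator object."""
    obj = {"type": "indicator", "spec_version": "2.1",
           "id": f"indicator--00000000-0000-4000-8000-00000000000{n}",
           "created": "2024-01-10T00:00:00Z", "modified": "2024-01-10T00:00:00Z",
           "pattern_type": "stix", "pattern": pattern,
           "valid_from": "2024-01-10T00:00:00Z", "confidence": confidence}
    obj.update(extra)
    return obj

# Stand-in for what a TAXII poll or an API export would return.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-0000000000ff",
    "objects": [
        _indicator(1, "[ipv4-addr:value = '192.0.2.10']", 85, valid_until="2030-01-01T00:00:00Z"),
        _indicator(2, "[domain-name:value = 'bad.example']", 40),
        _indicator(3, "[ipv4-addr:value = '203.0.113.7']", 90, valid_until="2024-02-01T00:00:00Z"),
        _indicator(4, f"[file:hashes.'SHA-256' = '{FAKE_SHA256}']", 95, revoked=True),
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-0000000000aa", "name": "x"},
    ]})

SAMPLE_LOGS = [  # constructed firewall / proxy / EDR lines
    "2024-05-01T10:00:01Z fw action=allow src=10.0.0.5 dst=192.0.2.10 dport=443",
    "2024-05-01T10:00:02Z proxy user=alice host=BAD.example url=/login",
    "2024-05-01T10:00:03Z fw action=allow src=10.0.0.9 dst=203.0.113.7 dport=80",
    f"2024-05-01T10:00:04Z edr sha256={FAKE_SHA256} proc=update.exe",
    "2024-05-01T10:00:05Z fw action=allow src=10.0.0.5 dst=198.51.100.2 dport=22",
]

def parse_ts(ts):
    """Parse a STIX timestamp such as '2024-01-10T00:00:00Z' as aware UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def extract_indicators(bundle_json, now, min_confidence=0):
    """Keep indicators worth loading into a SIEM: skip non-indicators, revoked or
    expired objects, non-STIX patterns, unparsable patterns and low confidence
    (min_confidence is where an analyst's relevance judgement is encoded)."""
    out = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue
        if "valid_from" in obj and parse_ts(obj["valid_from"]) > now:
            continue
        if "valid_until" in obj and parse_ts(obj["valid_until"]) < now:
            continue
        if obj.get("confidence", 0) < min_confidence:
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if not m:
            continue
        out.append({"id": obj["id"], "kind": KIND_BY_KEY[m.group(1)],
                    "value": m.group(2).lower(), "confidence": obj.get("confidence", 0)})
    return out

def build_lookup(indicators):
    """Index indicators by kind, then value: the shape of a SIEM lookup table."""
    lookup = {}
    for ind in indicators:
        lookup.setdefault(ind["kind"], {})[ind["value"]] = ind
    return lookup

def match_logs(lookup, log_lines):
    """Exact-match every token of every log line against the lookup tables."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for tok in TOKEN_SPLIT.split(line):
            t = tok.lower()                       # hostnames in logs vary in case
            for kind, table in lookup.items():
                if t in table:
                    hits.append({"line": line_no, "kind": kind, "value": t,
                                 "indicator_id": table[t]["id"],
                                 "confidence": table[t]["confidence"]})
    return hits

if __name__ == "__main__":
    active = extract_indicators(SAMPLE_BUNDLE, NOW, min_confidence=70)
    for hit in match_logs(build_lookup(active), SAMPLE_LOGS):
        print(hit)
```

With the threshold at 70 only the 192.0.2.10 indicator survives, so the proxy line for bad.example (confidence 40) is silent; lowering the threshold to 0 surfaces it. The expired 203.0.113.7 indicator and the revoked hash never match, which is the behaviour you want when a feed is replayed into a SIEM months later. In a real deployment the bundle would come from the vendor's TAXII collection or API rather than an inline constant, and the lookup would be loaded into the SIEM's own lookup tables instead of tokenising raw lines; the filtering logic is the part that carries over.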
Threat Intelligence's best feature is threat activation.
Threat Intelligence's OT security could be improved.
I've been using Group-IB Threat Intelligence for three years.
Threat Intelligence is very stable.
Threat Intelligence can be scaled according to your needs.
Group-IB's technical support is very good - they're responsive and knowledgeable about the product.
Positive
The initial setup was very easy, and I would rate the process as five out of five.
Threat Intelligence is costly, but it gives value for money.
I would recommend Threat Intelligence to others as it gives good results and good ROI, and I'd rate it nine out of ten.