What is our primary use case?
Presently, I am using the Threat Intel solution for reputation checks in our daily SOC operations and threat hunting.
We also use it for our alert detection and rule development in our SIEM solution.
This can also be used for real-time suspicious threat detection.
We use the technology for static threat hunting and looking for suspicious activities around the infrastructure.
SOC Operations use the dashboards to look for active threats and to present the security posture to our client on a daily, weekly, and monthly basis.
How has it helped my organization?
The product has an intel repository that can be used for integration with other platforms, such as SIEM and SOAR solutions. The feeds include:
- McAfee GTI file reputation
- McAfee GTI web reputation
- McAfee GTI web categorization
- McAfee GTI network connection reputation
- McAfee GTI certificate reputation
We can develop it by bringing it into other use cases, integrating it with analytics and big data. We are planning to implement a predictive security solution for future threats.
It can also bring in more refined and defined threat intel feeds.
What is most valuable?
All of the feeds can be enriched by using the predefined content pack, which can be deployed and used by SOC operations, threat hunting teams, and engineering teams.
All of the watchlists are predefined and available in the console, with data populated on dashboards.
The feed database is synchronized frequently to keep the database in SIEM up-to-date.
It has the best integration with McAfee ESM and can match well with all of the rules developed in McAfee.
The threat intel feeds can be directly called in McAfee ESM Content development such as rules, dashboards, and reports.
What needs improvement?
The product can be developed by bringing in AI and ML-based logic to learn from external emerging threats. This would help to keep the feeds real-time and secure the client's environment. Furthermore, it should use automation to notify customers or remediate the environment.
The analytics and big data platform integration can be improved to provide better visibility of past data to look for existing threats or missed threats. It will be better able to predict future threats and be resilient against new threats, risks, or attacks.
A cloud-based solution could be brought in to look for wider issues in external users or technologies.
For how long have I used the solution?
I have been using McAfee Global Threat Intelligence for the past year and a half, and it is connected to one of my customers' environments.
Which solution did I use previously and why did I switch?
I am presently assessing multiple threat intel products and I feel that the McAfee GTI solution has good feeds and can be well developed.
What's my experience with pricing, setup cost, and licensing?
The cost is affordable and it also depends on the usage of the toolset.
Which other solutions did I evaluate?
I did not evaluate other products beforehand, as the client had the solution readily available.
What other advice do I have?
My advice for anybody who is considering this product is to assess and look at the tool. After this, you can decide on using it.