My main use case for SOCRadar Extended Threat Intelligence is tracking threat campaigns on our clients.
There was a recent Team 313 campaign going on, and on a public Telegram channel, they stated they were targeting a Dubai-based government. That Dubai-based government is integrated with us, so as a provisional measure, we made a case on high severity and told them to use rate limiting or other DDoS prevention techniques. This is how we use SOCRadar Extended Threat Intelligence.
We also use SOCRadar Extended Threat Intelligence to track the PII exposure of clients. For example, if there is a third-party application, such as a Udemy breach, we check if our client data is leaked or not. If we are logged in because of the credentials of that user, we will raise a high severity alert.
The best feature that SOCRadar Extended Threat Intelligence offers is its scans. It does passive scanning, and you will know if there is anything suspicious related to the client. In case there is an impersonation domain or any GitHub repository, you will know instantly. That's the best thing about SOCRadar Extended Threat Intelligence.
The passive scan definitely improves accuracy. If you do the manual work, it may take some time, around three to four business days. However, with SOCRadar Extended Threat Intelligence, you will get notified if there is a new domain formed or if the domain formed is related to the client. That's the best thing.
There is all positive experience with SOCRadar Extended Threat Intelligence. For example, if an exposed subdomain or leaked credential is detected through passive methods, the organization can take proactive actions, such as restricting access, resetting passwords, or enabling MFA. This reduces the risk of unauthorized access, data breaches, or account compromise.
Passive scanning improves our organization's security posture in measurable ways. It helps to reduce the external attack surface by identifying and removing exposed assets, such as new subdomains or open services. Our organization can track metrics corresponding to the number of exposed assets discovered versus remediated over time. This lowers the risk of account compromise by detecting leaked credentials.
Everything is good about SOCRadar Extended Threat Intelligence, but it produces too much noise that needs to be reduced. SOCRadar Extended Threat Intelligence works by keywords, so if there is a particular keyword that you have added, it will trigger an alert. Most of the time, those cases are false positives, so it does take time with the investigation you have done. This is a key improvement area. I would also suggest improving the customization options, such as a tailor-made dashboard, industry-specific intelligence, and more flexible alert rules. With SOCRadar Extended Threat Intelligence, there are no options to create rules; there is a fixed number of rules that will be triggered.
Regarding SOCRadar Extended Threat Intelligence's AI capabilities, the accuracy and reliability of output are not that accurate.
I have been using SOCRadar Extended Threat Intelligence for around 1.3 years.
SOCRadar Extended Threat Intelligence is stable.
SOCRadar Extended Threat Intelligence is pretty scalable.
The customer support for SOCRadar Extended Threat Intelligence is pretty good. You will get a response within one business day. For example, if there is a takedown request, you will definitely get a faster response.
We have only relied on SOCRadar Extended Threat Intelligence from the start and have not used any previous solutions.
We have evaluated other options with DarkOwl services, but SOCRadar Extended Threat Intelligence's services are pretty good. We spoke with different organizations regarding DarkOwl.
I would advise others looking into using SOCRadar Extended Threat Intelligence to definitely go ahead, especially if you are a fresher, because the dashboard is pretty user-friendly. If you are new to dark web monitoring, SOCRadar Extended Threat Intelligence team is going to provide you with the guidance.
Time has definitely been saved. I rate this product an 8 out of 10.