ThreatConnect Threat Intelligence Platform (TIP) Reviews

ThreatConnect Threat Intelligence Platform (TIP) serves as the primary platform in our organization for IOC aggregation, normalization, and distribution to downstream security controls like SIEM, EDR, and SOAR in a managed services context.

In our daily operations, we use ThreatConnect Threat Intelligence Platform (TIP) to automatically inject IOCs from multiple sources including commercial feeds, open source intelligence, and client-specific detection, then distribute the highly confidential IOCs to downstream tools such as SIEM and EDR.

We also use ThreatConnect Threat Intelligence Platform (TIP) for continuous threat scoring, deduplication, and lifecycle management of IOCs, ensuring only high confidence, relevant indicators are operationalized and kept in sync across all integrated security tools including SIEM, EDR, and SOAR.

ThreatConnect Threat Intelligence Platform (TIP) has positively impacted our organization by significantly reducing response times and improving detection accuracy by ensuring only high-confidence, context-rich indicators are pushed to security controls.

From an operational standpoint, ThreatConnect Threat Intelligence Platform (TIP) has helped us reduce IOC handling and response time from hours to minutes by automating injection, enrichment, and distribution workflows.

The best features of ThreatConnect Threat Intelligence Platform (TIP) in my experience are the centralized IOC injection and normalization, the flexible playbook and automation, and the API-first architecture that enables us to perform custom integration with other products and real-time distribution.

ThreatConnect Threat Intelligence Platform (TIP) could be improved by simplifying the user interface to better fit day-to-day analyst workflow and reducing the complexity of configuring playbook and score logic.

I have been working in my current field for five years.

In my experience, ThreatConnect Threat Intelligence Platform (TIP) is stable.

ThreatConnect Threat Intelligence Platform (TIP) is highly scalable and handles increasing volumes of IOC effectively.

Our experience with customer support has been positive, as they have been responsive, knowledgeable, and helpful.

Previously, we used a combination of standalone threat feeds and basic SIEM integration for threat intelligence before switching to ThreatConnect Threat Intelligence Platform (TIP).

We have seen a measurable return on investment from ThreatConnect Threat Intelligence Platform (TIP), as we have reduced manual analyst effort by thirty to forty percent.

Generally, the pricing and setup cost are on the higher side.

Before choosing ThreatConnect Threat Intelligence Platform (TIP), we evaluated other vendors including Recorded Future and MISP.

My advice would be to fully leverage ThreatConnect Threat Intelligence Platform (TIP)'s automation and integration capabilities from the start. The review rating for ThreatConnect Threat Intelligence Platform (TIP) is eight out of ten.

We use ThreatConnect for our platform in the database to address the issues of threat attacks within the organization. It helps us look at solutions that can protect our data from being attacked. 

Additionally, it provides an alert mechanism to warn clients in case of internet attacks, focusing on data and information protection.

I like their customer support. Within a short period of contacting them, they resolve issues efficiently. The features are simple to use, and the interface is user-friendly, making it easy to navigate and apply the solutions. ThreatConnect helps us manage patch management and information within the organization effectively.

I would like to see improvements in the time zone support of their customer service, considering users are from different time zones. 

Additionally, the pricing is high for smaller organizations, so it would be beneficial to have tiered pricing. An audio tutorial feature would also be helpful.

I have used it for less than six months.

Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats. In most cases, it exhibits low performance.

ThreatConnect supports scalability by allowing us to identify threats and share information within our team networks, which facilitates better threat navigation and handling.

I just like their customer support because, within a short period of contacting them, they are able to help navigate issues. 

I would rate them nine out of ten.

Positive

We did not have any previous solutions. This is our first solution regarding security.

The initial setup was relatively straightforward for us since we had a technical person knowledgeable in ICT.

We had a team of seven people for the initial setup, and the resources cost us around $1,500.

We have been able to see a return on investment as our clients believe in us more. This trust has led to an increase in sales because customers are confident we can protect their data.

The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.

We did not evaluate any other options before choosing ThreatConnect.

Before implementing the solution, having a technical person on the team is crucial. It is also important to understand the time zone differences between your location and ThreatConnect's support team. 

I would rate them eight out of ten.

The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools.

TIP and SOAR are correlated. Neither one could exist alone. If the data is not available in TIP, we won’t be able to write the playbooks. For example, we used to give the client a daily update of the topmost dangerous hashes, IPs, or APTs. We used to upload everything. However, the tool would categorize it. The product automatically generated a threat score based on the maliciousness of an IP. It would correlate with other threat Intel databases.

The building of playbooks could be more refined. The training is not openly available. I couldn’t get any training videos online when I was working with the tool. With other tools, I could easily get the troubleshooting videos. However, with this product, it was a hurdle. We had to contact the vendor every time. The vendor was not from our time zone, so we had to wait for a response. There was a delay most of the time.

I have used the solution for one and a half years.

The tool has some difficulties. It is the only tool that we can integrate with every other tool. There are other tools, but they are not as efficiently integrated as ThreatConnect. It is a valuable tool.

We could add and delete users freely if we had admin access. We did not face any issues with it. We had 20 to 30 users.

I used to contact support regularly for bugs and updates. The support team was good, but the support team members were from a different time zone. I worked from India. Most of the support team members were based in Europe or the USA. The difference in the time zone created delays in issue resolution. We had some issues and wanted to publish some data urgently, but we had to publish it manually due to some bugs.

The initial setup was not very easy. I got a hang of it in three to six months. For every update and bug-related data, we had to go to the server, download the file, and send it to the client. It was a complex process.

The tool is expensive. It is worth the money, though.

If we had to trigger an alert regularly, we automated it. We could make the alerts trigger under specific cases. If someone has a budget constraint, they could use other tools. The product’s integration is very refined and very good compared to other tools. The tool could be integrated into any environment. Overall, I rate the solution a seven out of ten.

ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments.

ThreatConnect is not used at Spire, but at client sites.

The correlation capabilities are very high, the other one is its response capabilities and the automation response. Automation orchestration is possible with the tool.

ThreatConnect Threat Intelligence Platform (TIP) is used by many of the largest organizations worldwide, including Government organizations and Tech companies.

We have been promoting ThreatConnect for the last 5 years. ThreatConnect Threat Intelligence Platform (TIP) in an Intelligence-Driven and Federated Search Platform. My company, Spire, is a distributor and partner of the product.

Stability-wise, very stable with HA and DR capabilities through a Cloud or On-Prem deployments.

10/10

Positive

I have not worked with the products from any other vendors in the past.

The solution is deployed on the cloud and on an on-premises model.

I am not sure about the time required to deploy the product since I don't get into the technical nitty-gritty associated with the tool.

The tool's prices are at par when compared to the other products in the market, so it is not uber-premium or too pricey. I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap.

The tool's installation, integration, and playbooks are very straightforward and is supported by the Customer Success Team. 

I was doing research on this product by implementing a proof of concept.

It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion. Basically, it reduces the time to detect and repair any incident related to security. 

It is the security operations people or security engineers who use it.

The most valuable features are ease of use and the ability to customize it.

Integration is an area that could use some improvement.

We began using ThreatConnect about a year ago.

This is a reliable product and it's pretty stable in terms of how much traffic it can handle, as well as uptime.

ThreatConnect is pretty scalable. In our proof of concept, we didn't stress stuff to the point where it breaks, so we didn't get into a situation where we could see how much it can handle in a heavy load environment.

I find that the technical support is very good. They are very responsive and knowledgeable.

The price of this product is in the mid-range, not too expensive, nor inexpensive.

My advice for anybody who is implementing ThreatConnect is that they really have to understand what the use cases are, that they are trying to address. A lot of times, there is no one-size-fits-all model or solution. With an understand of the use case, they have to work closely with the vendor to ensure that it will deliver on the feature and the capabilities that they're looking for.

I would rate this solution a nine out of ten.

I use it mainly for investigation. I have found it really useful to track and map threat actors. It can be used for balloting as well.

It's a solid platform and is stable enough. It is not complicated and is easy to use.

It would be good to have more feeds and more integrated sources for enrichment.

I've been using this solution for two years.

It is a cloud solution.

It is stable.

There haven't been any issues with ingesting data, so I imagine that it's scalable.

I used Anomali and EclecticIQ before switching to ThreatConnect Threat Intelligence Platform (TIP).

As for the initial setup, it's straightforward. A free tutorial is available, so you can do the training before using the platform.

I would recommend ThreatConnect and rate it at eight on a scale from one to ten.

I use ThreatConnect to see what threats are coming in. I also use it to look at threats in the community. 

ThreatConnect has a highly user-friendly interface. I loved it. It's really great. It's also easy to configure.

They should make it a little bit easier to generate events and share them with the community. Right now, it's a little complex to share with them or to download your events in a report. The price could also be better.

I've been using ThreatConnect for a little over two months for my personal research purposes.

ThreatConnect is very stable.

As it's cloud-based, it doesn't require any installation.

The price could be better. ThreatConnect is very expensive for a single user, but it maybe affordable for companies.

On a scale from one to ten, I would give ThreatConnect an eight.