What is our primary use case?
I use SOCRadar Extended Threat Intelligence for VIP monitoring, CM tool monitoring, and CTI, specifically for early detection systems for our customers. If there is any leakage of customer accounts, we know about it. If there is any information about them on the dark web, we are immediately informed. Overall, I use it for intelligence purposes.
What is most valuable?
My favorite feature is probably the API and the integration with the CM tool that allows for automated integration. The leak accounts feature is exceptionally valuable, as it provides high visibility to the dark web and hacker forums where we are immediately notified if any account or company within our scope appears. The visibility is quite comprehensive and the response is fast.
What needs improvement?
Pricing is a problem as I see it. The credit-based model is extremely expensive. If a company does not have at least €70,000 to invest, they tend to avoid the solution because of the cost structure. The issue is not necessarily the pricing itself, but rather the credit-based model. If the pricing were structured as a flat fee of €70,000 or €30,000 with unlimited searches and unlimited credits, I would see much greater value in the solution. However, with the current model, you pay tens of thousands of euros and still have limitations on your searches.
For an MSSP like myself, this is particularly challenging because we have dozens of customers. If we conduct a search for every customer monthly, bi-monthly, or even quarterly, the credits will be depleted by the end of the year or even sooner. The credits can be expended very quickly, sometimes within a few months. This is the only downside of SOCRadar Extended Threat Intelligence. Otherwise, I believe it is almost the perfect tool for CTI. I consider it the leading CTI tool on the market. There are many others that try to get close to it, but they are not even close.
For how long have I used the solution?
I have been using SOCRadar Extended Threat Intelligence for a couple of years, not only the advanced version but the whole product.
What do I think about the stability of the solution?
I have not experienced any stability issues. SOCRadar Extended Threat Intelligence is a very stable tool with no lack of performance. I cannot remember any instance of the system not working or being down. The tool has been perfect in this regard.
What do I think about the scalability of the solution?
SOCRadar Extended Threat Intelligence is very scalable because MSSPs are their main focus. It is scalable because you can have multiple sources and multiple customers, with everything going through the API. You can have a CM tool that scales across your customers. However, the pricing prevents greater scalability. On a scale from one to ten, I would give it a seven just because of the pricing, as the pricing structure does not allow you to scale effectively without spending a significant amount of money. In terms of technology, I would give it a ten out of ten.
How are customer service and support?
SOCRadar Extended Threat Intelligence's customer support is definitely strong. I have interacted with not only the sales team but also the customer support and their CTI experts across many companies where I worked and tried to purchase their services. I can tell you they are super fast, super helpful, and they seem to be quite knowledgeable.
I have definitely contacted the technical support and customer support for SOCRadar Extended Threat Intelligence.
If I were to put SOCRadar Extended Threat Intelligence support on a scale from one to ten, ten being the highest, I would give them a solid seven or eight. I would not give them a ten because I did not have much interaction with them. The interactions I had were minimal, but they were quite good.
I have given this review a rating of ten out of ten.
Which solution did I use previously and why did I switch?
I have used many alternative solutions. I basically use everything on the market, and when I see new ones, I use them. I use free OSINT tools as well. I use many of them, such as Hudson Rock and other similar ones. Hudson Rock is the one that gets closer, but it is more for infostealers and similar threats. The most complete solution of all, which goes across everything and the entire spectrum, is SOCRadar Extended Threat Intelligence. I use multiple free tools that, when combined, do not give me the same value as SOCRadar Extended Threat Intelligence provides. It is not the same as having ten tools versus having one. SOCRadar Extended Threat Intelligence was quite smart in consolidating all of this into one tool.
How was the initial setup?
The initial setup is fairly easy. SOCRadar Extended Threat Intelligence does the whole work for us, and if we need to add an integration to our CM tools or anything else, it is super easy. They have quite a complete API. They have integrations for Palo Alto and other tools, or even for Sentinel, Rapid7, and others. They are really good at this. They have multiple integrations, and the implementation is fairly easy.
What about the implementation team?
One person is enough to work with the SOCRadar Extended Threat Intelligence team, such as a threat intelligence specialist who is able to do the job. It is basically easy because they will guide you through it. You do not need more people. You can always have one or two, but one is sufficient. You do not need that many.
What other advice do I have?
I am not using their AI tool. I do not know if they have any AI currently. I did not check it, but every company nowadays has some AI platform or AI integration because it is a new niche. I basically use what they had from before, such as their threat intelligence, their guides, their background research, and their monitoring from Telegram. I do not use anything specifically labeled as AI from them. If they already have it implemented in the core of their solution, then I am using it and did not even know about it. They might have it, but not that I am aware of. I am not using anything from them that is AI per se.
I have used the unique dark web sources that SOCRadar Extended Threat Intelligence provides. I use the sources that they give me. Sometimes they provide even the Telegram chats and forums where they conduct their research. They are very transparent about this. We can go there and access the Onion links and everything. I use them, but not very often because when they do the work for me, I do not need to use them that much. However, for curiosity, I sometimes go in and check the sources.
SOCRadar Extended Threat Intelligence offers Takedown services. I have never used them because I never needed the service, as we never had an exposure that would require a takedown service from them. I did use the information once or twice to do it myself. We used the information that there was a domain impersonating us and, instead of using their services, which again require credits and are expensive, I did the work myself. I contacted the provider and told them that the impersonation was not authorized, and we handled it ourselves. I never used their service and do not know how good it is. The issue comes down to credits and cost.
I have not used their Identical Phishing workflow for noise minimization capabilities. I have never used that tool because phishing is already integrated within Microsoft Exchange, and Microsoft already has pretty good threat intelligence with it, so we keep it within Microsoft. We mainly use Microsoft, or if we use Google, Google has their own services as well.
Attack Surface Threat Assessment is a really good feature because I can use it to get leads on customers. When I get a customer and input it there as an MSSP, it gives me the attack surface of the customer and their exposure. Again, you need some credits to make a search and complete the process. Before, you needed to ask them personally to add a customer. I believe they changed that so you can go on the fly and add it yourself, but previously you needed to ask them, which was not comfortable. Otherwise, the product itself is good because it gives you a good overview of the company's exposure. It was really good for getting leads. If you have a possible customer lead and input that domain, it will give you more information about the exposure of that possible customer and get you ready to win a new customer, which for me is a very important point when it comes to cybersecurity in MSSPs.
I had many consulting jobs with companies that wanted SOCRadar Extended Threat Intelligence and wanted more details on the operational side. One of the things I tell everyone is the ease of getting started with them because they are super fast, they are technical, and they help. When you pay such an amount of money, they will help you with everything.
SOCRadar Extended Threat Intelligence does not require any maintenance on my end. Everything is being taken care of by them from their API. For example, if you have it on your CM tool, it is taken care of by them. Only if you want to add more customers, you can do it yourself, but otherwise, everything is in the background with them. It is super easy. I do not need to deal with anything. I have never had to do any type of maintenance from my side. Even if I have the free tool or the complete tool, I have never had to do any maintenance.