Why do we need threat intelligence platforms, and how do we select them?
The benefits of integrating threat intelligence feeds with existing information security processes and systems are clear. The feeds provide a constantly updated list of active Indicators of Compromise (IoCs), most often malicious IP addresses, URLs or hashes of malicious objects, along with additional context that can be used to improve detection of and response to various threats.
If a company monitors only events inside its network and doesn’t use external data on IoCs (for example, those active in the region or industry where the company operates), it is at a higher risk of missing, or not responding to, malicious activity occurring on the network. This could be simply because it has no information that a specific IP address with which a host on the network has established a connection is malicious.
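The correlation described above, as an added example that is not part of the original article: internal connection events are checked against an external feed of IP indicators, expired indicators are ignored, and the feed's context sets the alert priority. The feed layout, field names, log format and all values are assumptions constructed for illustration (the addresses come from documentation ranges).

```python
from datetime import datetime

# Constructed sample feed; field names are hypothetical, not a real feed schema.
FEED = [
    {"type": "ip", "value": "203.0.113.45", "threat": "botnet C2",
     "industries": {"finance"}, "expires": "2024-06-30T00:00:00+00:00"},
    {"type": "ip", "value": "198.51.100.7", "threat": "phishing host",
     "industries": {"retail"}, "expires": "2024-05-01T00:00:00+00:00"},
]

# Constructed connection log: "timestamp src_ip dst_ip dst_port"
LOG = """\
2024-06-01T10:15:02+00:00 10.0.4.17 203.0.113.45 443
2024-06-01T10:15:09+00:00 10.0.4.22 192.0.2.10 443
2024-06-01T10:16:40+00:00 10.0.4.31 198.51.100.7 80
"""

def build_index(feed):
    """Index IP indicators by value, parsing each expiry once."""
    return {i["value"]: {**i, "expires": datetime.fromisoformat(i["expires"])}
            for i in feed if i["type"] == "ip"}

def match_connections(log_text, index, our_industry):
    """Return one alert per connection whose destination is an active IoC."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, port = parts
        ioc = index.get(dst)
        if ioc is None or datetime.fromisoformat(ts) >= ioc["expires"]:
            continue  # unknown destination, or indicator no longer active
        alerts.append({
            "time": ts, "host": src, "dst": dst, "port": int(port),
            "threat": ioc["threat"],
            # Feed context: raise priority when the indicator is
            # reported against our own industry.
            "priority": "high" if our_industry in ioc["industries"] else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in match_connections(LOG, build_index(FEED), "finance"):
        print(alert)
```

With an empty index, which models monitoring internal events only, the same log produces no alerts at all.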