10 Hot Cyber Threat Intelligence Tools And Services In 2022

From Sophos’s ‘X-Ops’ To Blackcloak’s ‘Honeypot’ offering, firms are providing more proactive intelligence offerings to combat increasing cyberthreats.

For years, cybersecurity was seen as a mostly defensive operation to keep bad actors at bay, shoring up digital fortifications across a number of proven or potential attack vectors.

But cybersecurity companies, both big and small, are increasingly introducing new intelligence offerings as ways to combat cyberattacks, proactively trying to identify potential bad actors and their tactics before they unleash sometimes devastating attacks on organizations.

Some of the intelligence offering include the use of AI to sift through data and provide risk analytics to customers. Some include actual analysts diving into the dark web to find and assess risks.

Others offering provide a combination of AI and human intelligence capabilities.

Meanwhile, cybersecurity companies are also establishing new internal intelligence and general research units to enhance intelligence gathering and product development.

As part of CRN’s Cybersecurity Week 2022, here’s look at 10 intelligence hot tools and services offered by cybersecurity companies, from both large firms and startups.

* Trellix’s Advanced Research Center

* Sophos X-Ops

* Fortinet’s FortiRecon

* SentinelOne’s Singularity Vulnerability Mapping

* Cyberint’s Argos Edge

* BlackCloak’s ‘Honeypot’ deception trap

* Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Intelligence

* Securonix: Identity Analytics and Intelligence

* CrowdStrike’s suite of threat intelligence products

* Nisos: Managed Intelligence

Trellix’s Advanced Research Center

San Jose, Calif.-based Trellix, the giant XDR stalwart, recently combined a number of research units, including its threat-intelligence group, into a new “Advanced Research Center.” The goal: to enhance Trellix’s global threat intelligence capabilities, as well as produce better products to combat cyberattacks.

The new center can already claim an early intelligence-gathering victory. Last month, Trellix announced it had identified a 15-year-old vulnerability in the open source Python programming language that’s still lurking in existing codes and that could put at risk 350,000 open-source coding projects.

Sophos X-Ops

Sophos is another cybersecurity company that recently consolidated various operations into one – with the aim of improving its intelligence-gathering and product capabilities.

The U.K.-based Sophos earlier this year consolidated three previously separate units – Sophos Labs, Sophos SecOps and Sophos AI – into one group called Sophos X-Ops. The new unit has 500 employees comprised of malware analysts, automation engineers, reverse engineers, cloud infrastructure experts and other experts at Sophos.

“The goal is to find (attackers) on a virtuous cycle faster and faster and faster – and then keep them out,” Raja Patel, senior vice president of products at Sophos, told CRN in August.

Fortinet’s FortiRecon

Part of a good intelligence operation is trying to guess how an adversary might think and act in a hostile environment – and that’s precisely what Fortnet’s new FortiRecon attempts to do for customers.

In June, the Sunnyvale, Calif.-based Fortinet unveiled FortiRecon, which the company said in a statement uses “machine learning, automation, and human intelligence to continually monitor an organization’s external attack surface, determine its brand risk, and deliver custom intel to act earlier and faster on threats.”

As John Maddison, executive vice president of products and CMO at Fortinet, said in a statement: “The sooner in the attack cycle you identify and stop an adversary, the less costly and damaging their actions. Employing a powerful combination of human and artificial intelligence, FortiRecon provides organizations with a view of what adversaries are seeing, doing and planning.”

SentinelOne’s Singularity Vulnerability Mapping

This is a product that acts like a sort of counter-intelligence service that helps find and identify vulnerabilities – and thus potential attack vectors.

In June, the Mountain View, Calif.-based SentinelOne, the cybersecurity platform provider, unveiled a vulnerability mapping feature that the company says “delivers vulnerability assessment, prioritization and remediation at machine speed.”

SentinelOne also has its well-known WatchTower and WatchTower Pro threat-hunting offerings that complement the new vulnerability mapping feature.

Cyberint’s Argos Edge

The Tel Aviv, Israel-based Cyberint describes itself as “a pioneer in attack surface reconnaissance, fusing threat intelligence with external attack surface management.”

In June, the firm raised $40 million in funding – and immediately said it intended to use some of the money to further develop and expand Argos Edge, the firm’s SaaS threat intelligence and attack surface reconnaissance platform

Cyberint does dark web research as part of its intelligence work, helping it provide real-time actionable threat-intelligence alerts.

BlackCloak’s ‘Honeypot’ Deception Trap

We could get into how Orlando, Fla.-based BlackCloak recently added new mobile device security features to its Concierge Cybersecurity & Privacy Platform designed to protect top executives and other VIP-types from cyberattacks.

Among other things, the new features include a QR code scanner for an additional layer of malware protection on personal devices and a malicious calendar detection technology to detect suspicious invitations and newly added calendar items.

But let’s face it: It’s more fun to focus on BlackCloak’s proprietary deceptions technology, introduced last year, that lures attackers into effective cybertraps. In the espionage world, the lure-and-trap tactic is often referred to as a “honeypot” approach to identifying and catching bad guys.

BlackCloak was recently named one of CRN’s Emerging Security Vendors To Know In 2022.

Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Intelligence

In August, Cybersixgill, a threat intelligence provider based in Tel Aviv, Israel, unveiled its new Dynamic Vulnerability Exploit (DVE) Intelligence solution, which the company claims is the “cybersecurity industry’s first end-to-end intelligence across the entire Common Vulnerabilities and Exposures (CVE) lifecycle.”

The aim of its new solution is to streamline vulnerability analysis to help companies reduce risk by accelerating their time to response. Among other products and services, Cybersixgill also offers “dark web intelligence” to identify potential threats before they happen.

In March, the company announced it had raised $35 million in a Series B funding round led by More Provident and Pension Funds and REV Venture Partners.

Securonix: Identity Analytics and Intelligence

Securonix often describes itself as deliverer of a next generation security analytics and operations platform. But others say that, when you get right down to it, it’s also a security intelligence solutions provider that allows users to “detect, track, evaluate and challenge security threats and risks.”

No matter how it’s described, investors love the Addison, Texas-based Securonix to the tune of more than $1 billion, which is how much the company earlier this year raised in a growth investment round led by Vista Equity Partners.

Among Securonix product add-ons: Identify Analytics and Intelligence.

CrowdStrike’s Suite Of Threat Intelligence Products

Cybersecurity stalwart CrowdStrike has a number of threat-intelligence products. Take your pick.

Some of the Austin, Texas-based company’s intelligence offerings include: Crowdstrike Falcon Intelligence (automated intelligence), CrowdStrike Falcon Intelligence Premium (cyber threat intelligence), CrowdStrike Falcon Intelligence Elite (assigned analyst) and CrowdStrike Falcon Intelligence Recon (digital risk protection).

CrowdStrike’s most recent intelligence- and detection-related announcements have dealt with AI-powered Indicators of Attack and a new cloud threat-hunting service.

Nisos: Managed Intelligence

This has to be one of our favorite corporate self-descriptions around, via Alexandria, Va.-based Nisos under the header: “Experts (yes, really)”: “We are the Managed Intelligence company (nope, we are not yet another cyber intelligence feed). Our services enable cyber security, corporate security, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs.”

Among its solutions are cyber, fraud, platform, protective and third-party intelligence offerings. One particularly interesting offering: Reputation Intelligence.

Some investors obviously like what they see at Nisos, earlier this year providing the firm with $15 million in a Series B funding round led by Paladin Capital Group.