Why Use a Third-Party Threat Intel Platform to Enhance Cyber Defense

by Jonathan Zhang


With the continued rise of new threats daily, a purely reactive approach to cybersecurity can land businesses in the latest headlines. Enterprises, big and small, would be wise to assume the worst—that they can be the next cyberattack victim—and should remain vigilant by employing a proactive defense.

We’ve seen organizations that succumb to data breaches and other cyberattacks not only lose confidential information but also suffer productivity loss, tarnish their brands, and damage their reputation, all of which ultimately leads to loss of customer trust and revenue. That said, organizations can beef up their security policies and solutions with the necessary actionable threat intelligence from reliable third-party sources.

Why Gaining an Upper Hand Aided by Reliable Threat Intel Is a Must

Studies show that 72% of companies are investing more in threat intelligence. That is a good sign, given the many security challenges that any business faces and that traditional solutions may not address.

Aside from the growing sophistication of threats, another challenge to effective incident response is the number of false positives that even advanced security information and event management (SIEM) systems produce. Having to sift through a huge volume of false-positive security alerts and failing to prioritize which of them needs more in-depth investigation can also hamper detection and prevention efforts.

As many as 70% of the alerts that cybersecurity analysts receive can indeed be false positives. It doesn’t help that they typically spend 13–18 minutes just to verify the legitimacy of each warning. Add to that the cybersecurity skills gap that currently plagues organizations, and defending networks seemingly becomes near impossible.

Cybersecurity analysts need a way to trim down their tasks to better protect their turfs. Employing a tool such as a threat intel platform that does the initial check for them can make the job easier.

How a Threat Intel Platform Can Ease Analysts’ Burden

A threat intelligence platform eases the tedious and daunting task of manually verifying whether a security event or incident requires immediate attention. It provides analysts with context and relevant information about hosts so they can prevent or mitigate attacks before or as they happen. It runs each domain that’s trying to gain access to users’ networks through several checks to tell if it should be allowed in or blocked.

Users can benefit from a robust threat intelligence platform that:

  • Evaluates domains to distinguish malicious from non-malicious ones based on their domain reputation score. Users coming from domains with low reputation scores can immediately be flagged or blocked from gaining access to users’ networks, thus preventing risks.
  • Determines if a domain has ties to malicious activities or hosts malicious files. That way, employees or company insiders won’t inadvertently land on websites that can infect their computers, and consequently their network, with malware.
  • Checks if a domain uses self-signed certificates typically seen in malicious hosts. Such domains can be flagged or blocked, depending on the user’s security settings. Users can also quickly identify Secure Sockets Layer (SSL) misconfigurations and vulnerabilities in an organization’s network for a quick resolution. That is a good approach to protect against vulnerability exploitation.
  • Provides in-depth information on a particular domain, such as all connected IP addresses. If one of a domain’s IP addresses has been compromised, all others may have been as well. Given that information, security analysts can place temporary access restrictions on the suspected IP addresses.
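
The four checks above can be combined into a single triage pass over the domains named in alerts. The sketch below is an added example, not code from the article or from any vendor's product; the record layout, the 0 to 100 reputation scale, the threshold of 50, the verdict rules and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class DomainIntel:
    reputation: int         # 0 (worst) to 100 (best); the scale is an assumption
    malware_ties: bool      # linked to malicious activity or hosting malicious files
    self_signed_cert: bool
    ips: frozenset          # all IP addresses connected to the domain

REPUTATION_FLOOR = 50       # assumed cut-off for a "low" reputation score

# Constructed enrichment data (reserved .test names, documentation IP ranges).
INTEL = {
    "shop.example.test": DomainIntel(92, False, False, frozenset({"203.0.113.10"})),
    "cdn.example.test": DomainIntel(80, False, False, frozenset({"198.51.100.7"})),
    "dropper.example.test": DomainIntel(5, True, True,
                                        frozenset({"198.51.100.7", "198.51.100.8"})),
    "intranet.example.test": DomainIntel(70, False, True, frozenset({"192.0.2.20"})),
}

def triage(domains, intel=INTEL):
    """Return {domain: (verdict, reasons)} for the domains seen in alerts."""
    # Every IP of a domain with malicious ties is treated as suspect.
    suspect_ips = set()
    for rec in intel.values():
        if rec.malware_ties:
            suspect_ips |= rec.ips
    out = {}
    for name in domains:
        rec = intel.get(name)
        if rec is None:
            out[name] = ("review", ["no intelligence on record"])
            continue
        reasons = []
        if rec.reputation < REPUTATION_FLOOR:
            reasons.append("low reputation score")
        if rec.malware_ties:
            reasons.append("ties to malicious activity")
        if rec.self_signed_cert:
            reasons.append("self-signed certificate")
        if not rec.malware_ties and rec.ips & suspect_ips:
            reasons.append("shares an IP address with a flagged domain")
        if rec.malware_ties or len(reasons) >= 2:
            verdict = "block"
        else:
            verdict = "review" if reasons else "allow"
        out[name] = (verdict, reasons)
    return out

if __name__ == "__main__":
    for name, (verdict, reasons) in triage(list(INTEL) + ["new.example.test"]).items():
        print(f"{verdict:6} {name}: {', '.join(reasons) or 'no findings'}")
```

A single finding, such as a self-signed certificate on an internal host, yields "review" rather than "block", which keeps an SSL misconfiguration from being treated the same as a host with confirmed malicious ties.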

Cybersecurity analysts may have some resources and skills to protect their organizations, but they may not have enough time to keep up with the ever-growing number of threats today. They can lighten their burden with the help of a third-party threat intel platform that could tell them outright which security alert or incident requires immediate action. By doing away with the tedious task of sifting through tons of alerts that may just turn out to be false positives, they can focus more on crafting proactive defense strategies that would benefit their companies most.

About the Author: 

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP)—a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies. TIP is part of the WhoisXML API family, an intelligence vendor trusted by over 50,000 clients.


March 10, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.