The FASTEST way to consume threat intelligence.
CIF allows you to combine known malicious threat information from many sources and use that information for incident response, detection and mitigation. The most common types of threat intelligence warehoused in CIF are ip addresses, domains and urls that are observed to be related to malicious activity.
- it only takes 10min or less...
- an IDS NEEDS a feed of suspicious ip addresses.
- an RPZ NEEDS a feed of suspicious domains.
- your firewall(s) CRAVE feeds of known attackers.
...and they want these things aggregated, filtered "so we don't block NetFlix again", in as near real-time as you can find them. hundreds of thousands of indicators at an instant. Most threat intel platforms only get YOU the data- you need to get YOUR INFRASTRUCTURE the data.
Otherwise, what's the point? :)