Threat Intelligence

What is CTI?

Cyber Threat Intelligence (CTI) is a crucial component of modern-day security operations: it gives security professionals a constant feed of information that adds context to your alerts. This reduces the time required to determine the fidelity, or accuracy, of an alert, informing and accelerating the investigation and resolution of an incident.

In addition to providing context to alerts, threat intelligence also provides Indicators of Compromise (IOCs) and common Tactics, Techniques, and Procedures (TTPs) that are attributed to threat actors. Armor leverages the MITRE ATT&CK framework to correlate events within your environment to these threat actor profiles, allowing us to prioritize certain alerts and initiate threat hunting procedures early in the kill chain.

Curated CTI Feeds

Armor provides customers with our own curated CTI feeds out of the box. Depending on subscription level, these include a combination of open-source, commercial, and analyst-collected threat intelligence. Customers can also ingest their own CTI feeds through various connectors such as STIX/TAXII or MISP, or directly through API integrations.

In addition to integration with your SIEM and analytics platforms, Armor’s CTI feeds can be integrated into other aspects of your security stack using standard STIX/TAXII connectors.