What’s Applied Threat Intelligence (ATI)?

Cyber threat intelligence that’s way less complicated

Applied threat intelligence combines sophisticated cyber threat intelligence (CTI) with detection and response.

No, it’s not another feed.

Threat intelligence is a must-have in your cyber arsenal. But traditional methods are expensive, time-consuming, and aren’t specific to your network environment. Our approach to threat intelligence is a simpler, lower-cost method that blocks threats that are in your network right now based on a connection’s reputation and behavior.

Traditional vs applied threat intelligence

Applied threat intelligence eliminates all the complexities of traditional threat intelligence while preserving all of its benefits.

	Applied Threat Intelligence	Traditional Threat Intelligence
Implementation	Fast and easy Requires minimal experience to install and implement with a short time to value.	Lengthy and expensive Requires highly specialized staff trained to monitor, analyze, and interpret how threat intelligence applies to observations.
Ease of Management	Simple and automated Threat monitoring and protection is part of your stack. The Intrusion Global Threat Engine recognizes and neutralizes threats for you without generating alerts.	Labor-intensive, limited automation Manual work and continuous validation is required to successfully use the intelligence, even in an automated capacity, to lessen alert volume and false positives.
Integration	Already integrated Applied threat intelligence is integrated into all Intrusion solutions and does not require restructuring of your existing infrastructure upon install.	Varies with vendors Integration of threat intelligence into various tools like Security Information and Event Management (SIEM), Intrusion Detection and Prevention systems, and firewalls depends on vendor capabilities.
Network Detection Response (NDR)	Included With applied threat intelligence, network detection and response is included. Save time and money with a combined solution.	Not included With most threat intelligence platforms or feeds, you still need something to stop the threat. This increases costs and generally requires additional headcount to manage multiple solutions.
Network Visibility	24/7 visibility with context See the threats that are on your network right now. Intrusion assesses every connection made to and from your network (not just a sample) to show you what’s happening in real time so you can prioritize your efforts.	Not network specific Typical threat intelligence is not contextualized to your network. There are curated feeds that can provide intelligence on malicious indicators that are more likely to be in your environment, but whether they are there or not still remains unknown without further investigation.
Alerts	No triggered alerts Threats are automatically blocked and documented. Reports are available but no alerts requiring action are generated, reducing the risk of cybersecurity team burnout.	Constant stream of alerts All potential threats trigger alerts to be manually reviewed. And to receive those alerts, you also have to set up triggers based on the ingested intelligence.
Threat Intelligence Database	Dynamic and sophisticated Our threat intelligence is our bread and butter. The core of our database is 30 years of internet history paired with behavior, reputation, and manual analysis algorithms to not only protect you from known threats, but the unknown ones too. Learn More	Varies in quality Threat feeds can vary in quality and quantity. Threat Intelligence Platforms (TIPs) have made it possible to curate tons of feeds and help sift out the threats most relevant to your network, but it is expensive and still requires heavy manual work in comparison.