Threat Intelligence


Prevent vs Detect and Response

For years, security strategy was one of prevention. The goal of any good security team was to keep the bad guys from breaking into the network. For a while, this strategy was a winning one… then the world changed.

Enthralled by the billions of dollars cyber criminals steal yearly, more and more attackers emerged to test the mettle of the security team. Attack plans evolved from simply exploiting remote external vulnerabilities to leveraging malware, phishing and other user-based attacks to bypass external controls. There were simply too many

Just as the attackers evolved, security teams had to evolve as well. While prevention is still employed, a new strategy of detection and response offers the most effective way to mitigate the potential damage caused by a data breach. At RedLegg, our virtual SOC offerings, managed by our expert analysts, allow us to take up the cyber security watch, detecting and responding to threats and ultimately reducing the dangers our clients face.

Why Use a Threat Intelligence Service?

Threat Intelligence Services specialize in collecting numerous data sources, normalizing the data from these sources into actionable intelligence, and removing duplicate entries. By integrating with complex security networks, Threat Intelligence Services enhance an organization’s detect and response capabilities, allowing more threats to be identified faster than with standalone security devices.

Services Definitions

RedLegg’s Threat Intelligence Service enables RedLegg to combine a professionally curated threat intel feed with a threat intel feed gathered from RedLegg MSS services using the Watchtower Platform. This allows RedLegg analysts to discover events that aren’t always apparent from correlation alone, distinguish between false positives and real events more easily, and speed investigations into the discovered events. This service can enhance your current or future managed security services, providing even greater protection against the various security risks faced by the organization.

RedLegg’s Threat Intelligence Service offers organizations the ability to grow their current RedLegg services by enhancing the enterprise-wide detect and response capabilities, ultimately lowering the overall risk faced. A summary of the features of each service is shown below:

RTIS Solution
Low Cost of Entry
Access to a Professionally Curated Threat Intelligence Feed
Access to observables and IOCs gathered from RedLegg customers using the Watchtower Platform
SIEM Integration


Low Cost of Entry

As this product was designed specifically for RedLegg to integrate into their existing SIEM deployment, the barrier to entry has been drastically lowered to enable security teams to perform optimally for a fraction of the cost of many other Threat Intelligence feeds.

Access to a Professionally Curated Threat Intelligence Feed

RedLegg leverages a professionally curated threat intelligence feed to provide reliable IOCs and other threat intelligence to RedLegg customers.

Access to Watchtower Threat Intelligence Feed

RedLegg leverages our Watchtower platform to gather IOCs and observables from RedLegg customers and merge them into our threat intelligence feed.

SIEM Integration

Integrates threat intel into the SIEM for prioritized alerts/reports and investigations.