EclecticIQ Platform v2.4

EclecticIQ Platform ingests structured and unstructured threat intelligence data from various sources, converts it to STIX, and aggregates it into a single, collaborative analyst workbench. EclecticIQ delivers attribution to potential threat actors, attempts to discover their intentions, and determines ways to detect and respond to them in the future. This methodology ultimately lets organizations find a balance between combating the threats they face and maintaining their business functions, improving the ROI of this intelligence-led cybersecurity product.

The customizable dashboard shows an intelligence overview that provides analysts with quick visibility into the data it has aggregated. However, we have found that this platform has a higher learning curve than some other threat intelligence products. Navigating and using the platform are not intuitive processes. We standardized our CVE searches across products, but still did not receive any hits on some of them. We can only conclude that either the platform did not meet our performance expectations, or we missed something along the way because we struggled so much to use it.

These challenges aside, we do like the flexibility of the interface and the fact that users may create various workspaces. These workspaces provide areas for intelligence teams to collaborate, manage information, save graphs, and create intelligence on the fly, all of which enrich the existing platform information and ensure that data is always readily accessible. A tasking workbench flows through the platform and streamlines the process of assigning tasks to others. My Tasks shows all the tasks assigned to particular users, each with accompanying due dates to make collaboration and organization as easy as possible.

Most of the preconfigured reports display intelligence information in meaningful ways. Various pieces of intelligence within these reports contain links that analysts may use to find where such information is located in the platform. This useful feature streamlines the process of uncovering threat details and therefore maximizes investigative efficiency. Users can also assign distribution groups and outgoing feeds within these reports to set up regular reporting cadences.

The product also has the ability to integrate with and empower other security tools, such as a SIEM, SOAR, and EDR. EclecticIQ enhances the capabilities of these platforms, giving them better threat identification and prioritization, faster investigation and response, reduced research time, and more accurate risk evaluation.

Overall, security pros will find EclecticIQ Platform a threat intelligence platform built for analysts. It delivers several tools geared towards maximizing efficacy and efficiency, a secure means of team collaboration, and an elastic search feature to help security pros mine and research threat intelligence data. This platform expresses intelligence information well and has advanced capabilities that help analysts discover threat correlations and enriched data in one place, simplifying the product and enhancing its value. Because threats evolve and become more sophisticated, they have an ever-greater impact on the environments they infect, an unfortunate reality that motivates the kind of effective threat intelligence that this product offers. We hope that the EclecticIQ team will set their sights on improving the user experience now that they have refined so many other features on this platform.

Pricing starts at $100,000, which includes phone, email, and website support. Organizations also have access to a knowledgebase with installation documents and step-by-step support manuals that contain helpful screenshots. Additional support options are available for a fee.

Written by Katelyn Dunn

Tested by Tom Weil

Product title
EclecticIQ Platform v2.4
Product info
Vendor: EclecticIQ
Contact: www.eclecticIQ.com
Product: EclecticIQ Platform v2.4
Price: $100,000
Strength
We like the flexibility of the interface and the fact that users may create various workspaces. Security pros will also really like how various pieces of intelligence within reports contain links that analysts may use to find where such information is located in the platform. This useful feature streamlines the process of uncovering threat details and maximizes investigative efficiency.
Weakness
This platform has a higher learning curve than some other threat intelligence products. Navigating and using the platform are not intuitive processes. We standardized our CVE searches across products, but still did not receive any hits on some of them.
Verdict
Overall, security pros will find EclecticIQ Platform a threat intelligence platform built for analysts, offering them several tools geared towards maximizing efficacy and efficiency, a secure means of team collaboration, and an elastic search feature to help them mine and research threat intelligence data.
