EclecticIQ Platform ingests structured and unstructured threat intelligence data from various sources, converts it to STIX, and aggregates it into a single, collaborative analyst workbench. EclecticIQ delivers attribution to potential threat actors, attempts to discover their intentions, and determines ways to detect and respond to them in the future. This methodology ultimately lets organizations find a balance between combating the threats they face and maintaining their business functions, improving the ROI of this intelligence-led cybersecurity product.
The customizable dashboard shows an intelligence overview that provides analysts with quick visibility into the data it has aggregated. However, we have found that this platform has a higher learning curve than some other threat intelligence products. Navigating and using the platform are not intuitive processes. We standardized our CVE searches across products, but still did not receive any hits on some of them. We can only conclude that either the platform did not meet our performance expectations, or we missed something along the way because we struggled so much to use it.
These challenges aside, we do like the flexibility of the interface and the fact that users may create various workspaces. These workspaces provide areas for intelligence teams to collaborate, manage information, save graphs, and create intelligence on the fly, all of which enrich the existing platform information and ensure that data is always readily accessible. A tasking workbench flows through the platform and streamlines the process of assigning tasks to others. My Tasks shows all the tasks assigned to particular users, each with accompanying due dates to make collaboration and organization as easy as possible.
Most of the preconfigured reports display intelligence information in meaningful ways. Various pieces of intelligence within these reports contain links that analysts may use to find where such information is located in the platform. This useful feature streamlines the uncovering of threat details and therefore maximizes investigative efficiency. Users can also assign distribution groups and outgoing feeds within these reports to set up regular reporting cadences.
The product also has the ability to integrate with and empower other security tools, such as a SIEM, SOAR, and EDR. EclecticIQ enhances the capabilities of these platforms, giving them better threat identification and prioritization, faster investigation and response, reduced research time, and more accurate risk evaluation.
Overall, security pros will find EclecticIQ Platform a threat intelligence platform built for analysts. It delivers several tools geared towards maximizing efficacy and efficiency, a secure means of team collaboration, and an elastic search feature to help security pros mine and research threat intelligence data. This platform expresses intelligence information well and has advanced capabilities that help analysts discover threat correlations and enriched data in one place, simplifying the product and enhancing its value. Because threats evolve and become more sophisticated, they have an ever-greater impact on the environments they infect, an unfortunate reality that motivates the kind of effective threat intelligence that this product offers. We hope that the EclecticIQ team will set their sights on improving the user experience now that they have refined so many other features on this platform.
Pricing starts at $100,000, which includes phone, email, and website support. Organizations also have access to a knowledgebase with installation documents and step-by-step support manuals that contain helpful screenshots. Additional support options are available for a fee.
Written by Katelyn Dunn
Tested by Tom Weil