Avalon is regularly confused with a Threat Intelligence Platform (TIP). As an experienced cybersecurity professional, I can see how others might make that assessment. After all, Avalon is a platform that ingests data used to analyze threat intelligence. However, your TIP and Avalon reside in different niches within your intelligence stack. Avalon is meant to complement your TIP by giving your analysts a powerful way to connect data from multiple sources, visualize it, collaborate, and investigate and report on it.
What is a TIP?
While the concept of a TIP is somewhat loosely defined, TIPs generally consist of a broad set of functionality that enables collection, correlation, categorization, analysis, and operationalization of your cybersecurity team’s data. Like Avalon, TIPs are capable of integrating with a number of data sources and provide a common operating picture for your team. TIPs can also feed directly into other security tools to allow for automatic detection and blocking of newly-discovered indicators. Sometimes, TIPs even include rudimentary link analysis and investigation tools.
So What’s the Difference?
Avalon provides a powerful way for analysts to combine and visually analyze, sort, and filter threat data from a broad range of sources. Because Avalon applies a standardized ontology to the data from each of our partners, it is easy to surface correlations between pieces of data, no matter where they come from. Avalon also offers real-time collaboration so your team can work together and share information efficiently, and built-in reporting tools that make it easy to present information in a human-readable way to stakeholders.
Then, the in-depth human-powered analysis can be fed back into the rest of your intelligence stack through one of our built-in integrations, through our robust export capabilities, or through custom-built solutions that utilize our API. Avalon can (and should) become a seamless part of your workflow, in perfect harmony and constant communication with – you guessed it – your TIP. Avalon complements a TIP by giving analysts greater flexibility to dive into threats and alerts surfaced by the TIP, extend the investigation with other data sources or completed investigations shared with the Avalon community, and document the results in a report. The output of the investigation in Avalon can be shared back into the TIP for immediate operationalization of the data, or the investigation can be shared with others inside or outside of Avalon.
For a limited time, select organizations can get an exclusive trial experience of the Avalon investigations platform. Click here to learn more about the Avalon Elite program and determine if your organization is eligible.