Threat Management Tools
Threat management tools for threat intelligence, advanced persistent threat detection, and cyber threat analysis.
Browse 450 threat management tools
FEATURED
USE CASES
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
A project sharing malicious URLs used for malware distribution to help protect networks.
All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
Threat Management Specializations
450 tools across 4 specializations · 174 free, 276 commercial
Advanced Persistent Threat Detection
APT detection tools that identify sophisticated, long-term cyber attacks and advanced persistent threat campaigns.
Threat Intelligence Platforms
TIP for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
Threat Modeling
Threat modeling tools for identifying security risks, attack vectors, and potential threats in system architectures.
Threat Management Tools FAQ
Common questions about Threat Management tools, selection guides, pricing, and comparisons.
A TIP aggregates threat data from multiple sources (commercial feeds, open-source, ISACs, internal telemetry), normalizes it into structured formats (STIX/TAXII), and distributes indicators of compromise (IOCs) to your security tools. You need a TIP if you consume multiple threat feeds, want to correlate external intelligence with internal incidents, or need to share intelligence with peers and ISACs.
Penetration testing is a point-in-time assessment where human testers attempt to find and exploit vulnerabilities. Threat simulation (breach and attack simulation) continuously and automatically tests your security controls against known attack techniques mapped to MITRE ATT&CK. Pen testing finds novel vulnerabilities; threat simulation validates that your defenses work against known attacks on an ongoing basis.
Threat modeling identifies potential security threats during the design phase, before any code is written. By systematically analyzing data flows, trust boundaries, and attack surfaces, teams can prioritize which threats to mitigate architecturally rather than patching vulnerabilities after deployment. Common frameworks include STRIDE, PASTA, and attack trees.
