
How Filigran is redefining the rules of cyber threat management

Apr 15, 2025

Organizations rely on cyber threat intelligence to assess risks from an expanding range of cyber threats. Security teams use this intelligence to prioritize vulnerabilities and weaknesses that are most likely to be exploited, enabling them to take proactive measures before an attack materializes.


What are some of the issues with cyber threat intelligence today?

Building a comprehensive threat management program can be challenging as it requires working with multiple threat feed sources, integrations between different security systems, and workflow automation. Without a unified platform to correlate and structure intelligence, organizations end up with siloed insights, making it difficult to get a holistic view of the threat landscape.

Data overload without context

CISOs, threat intelligence analysts, threat hunters and SOC team members all look for different insights from threat intelligence, but today too much of it sits in dashboards and reports instead of being used in real time. This is because much of it is noisy, redundant, or lacks contextual relevance, making it difficult to determine which threats pose real risks. The increased volume and velocity of reports, indicators, vulnerabilities and alerts lead to a high number of false positives and to processing fatigue.

Threat intelligence needs to move beyond indicators of compromise (IOCs) to risk-based, contextual decision-making intelligence that’s fit for purpose – for different roles and for input into different security systems.

[Figure: Threats alert overload]

Rigid and inflexible data models

Frameworks like STIX 2.1 and MITRE ATT&CK are helping to standardize threat intelligence to enable sharing and interoperability. STIX is extremely useful for representing the complex relationships between cyber threats, adversary tactics, and attack techniques. This also sets the base for automation. However, the benefits of these modern frameworks depend on the flexibility of the data models used for collecting, storing and processing threat intelligence. Some traditional Threat Intelligence Platforms (TIPs) support the STIX framework only partially or not at all because of proprietary data models. Security teams often have to work around these constraints, leading to incomplete intelligence analysis and missed insights.

This lack of standardization makes integration with different security systems such as SIEM, SOAR, EDR and firewalls very complex. Many organizations struggle with a one-way intelligence flow, which makes threat intelligence passive rather than actionable, slows down security teams and reduces its impact.

Threat Intelligence feed portal vs Threat Intelligence Platform

Organisations use multiple threat intelligence feeds, ranging from OSINT and ISACs to commercial or darknet intel sources. Without a central Threat Intelligence Platform (TIP) to process and streamline threat intelligence, the result is a lot of unrelated, redundant data. This means a lot of wasted time and effort for analysts.
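
To make the redundancy problem and the STIX relationship model concrete, here is an added example (not Filigran's or OpenCTI's code) that collapses the same observable reported by several feeds into one STIX 2.1 indicator and links it to a malware family with an `indicates` relationship. The feed names, input field names, normalisation rule and the use of `labels` to record sources are assumptions, and the sample items are constructed.

```python
import uuid
from datetime import datetime, timezone

# Constructed sample items; field and feed names are assumptions for illustration.
FEED_ITEMS = [
    {"source": "osint-feed", "type": "domain-name", "value": "Bad.Example.com", "malware": "ExampleLoader"},
    {"source": "isac-feed", "type": "domain-name", "value": "bad.example.com.", "malware": "ExampleLoader"},
    {"source": "commercial-feed", "type": "ipv4-addr", "value": "203.0.113.10", "malware": "ExampleLoader"},
]

def normalize(item):
    """Return a (type, value) key so the same observable from two feeds compares equal."""
    value = item["value"].strip().lower()
    if item["type"] == "domain-name":
        value = value.rstrip(".")  # drop the trailing root dot of an FQDN
    return item["type"], value

def stix_id(obj_type):
    return f"{obj_type}--{uuid.uuid4()}"

def build_bundle(items, now=None):
    """Deduplicate feed items and express them as STIX 2.1 objects in one bundle."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    common = {"spec_version": "2.1", "created": ts, "modified": ts}
    malware, indicators, objects = {}, {}, []
    for item in items:
        key, name = normalize(item), item["malware"]
        if name not in malware:
            malware[name] = {"type": "malware", "id": stix_id("malware"),
                             "name": name, "is_family": True, **common}
            objects.append(malware[name])
        if key in indicators:
            # Same observable from another feed: keep one indicator, note the source.
            indicators[key]["labels"].append(item["source"])
            continue
        # Values here contain no quotes or backslashes; escape them for real data.
        ind = {"type": "indicator", "id": stix_id("indicator"), "pattern_type": "stix",
               "pattern": f"[{key[0]}:value = '{key[1]}']", "valid_from": ts,
               "labels": [item["source"]], **common}
        rel = {"type": "relationship", "id": stix_id("relationship"),
               "relationship_type": "indicates", "source_ref": ind["id"],
               "target_ref": malware[name]["id"], **common}
        indicators[key] = ind
        objects += [ind, rel]
    return {"type": "bundle", "id": stix_id("bundle"), "objects": objects}

if __name__ == "__main__":
    import json
    print(json.dumps(build_bundle(FEED_ITEMS), indent=2))
```

Three feed entries become one malware object, two indicators and two relationships; the domain indicator carries both reporting feeds in its labels.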

Filigran’s OpenCTI – a fresh take on cyber threat management

Organizations need a structured, scalable and integrated threat intelligence platform. Even threat actors constantly collaborate, selling exploits, sharing tactics, and coordinating attacks across underground forums. Defenders must match and surpass this level of cooperation. This is the exact philosophy behind OpenCTI, Filigran’s threat intelligence platform.

By combining a modern technology foundation, open-source development, the power of AI and a community-driven model, OpenCTI provides a powerful, scalable, and collaborative approach to threat management. It gives you access to a platform purpose-built for, and harnessed by, an active TI community. It is already used by thousands of Cyber Threat Intelligence (CTI) teams globally, including the most demanding intelligence and defence organizations.

[Figure: Filigran XTM Suite – Ecosystem]

With OpenCTI you can:

  • Operationalize threat intelligence faster with modern and intuitive dashboards, advanced visualizations, graph analysis and the ability to group threat actors, malware and vulnerabilities.
  • Prioritize threats that matter for your business and reduce the response time significantly.
  • Take advantage of flexible data models and extensive connectors to ingest all your threat feeds from a variety of sources and remove redundancy, giving you a single source of truth.
  • Provide output to any systems you require – SIEM, SOAR, XDR, you decide!
  • Comply with STIX 2.1 and generate structured, standardized threat intelligence.
  • Automate response by making use of readily available playbooks, powered by AI.

Community involvement

We are proud to have a very involved community and an iterative feedback loop. Our engineers and product teams interact frequently with the TI community, listening to our users and releasing product updates almost every week.

OpenCTI is becoming the ‘go-to’ threat intelligence platform not only for enterprise customers but also for government intelligence agencies and CERTs such as NATO, CERT-EU and ENISA.

True to our principle of collaboration, we are developing a broad ecosystem of security vendors to partner with and provide connectors for. We are happy to work with you directly or your managed services provider, whatever your requirement might be.

[Figure: Filigran – Key Figures]

OpenCTI is available in two versions, designed to meet the diverse needs of the threat intelligence community. The Community Edition is an open-source platform that provides essential capabilities for structuring, analyzing, and sharing intelligence, empowering security teams, researchers, and organizations to collaborate effectively. For those who require advanced scalability, automation, AI-powered insights and report customizations, natural language interaction and more, the Enterprise Edition extends these capabilities with additional features and dedicated support. Whether you’re just starting with threat intelligence or managing a global security team, OpenCTI provides a flexible solution to match your needs.

OpenCTI transforms threat intelligence into a force multiplier, enabling analysts to be proactive and strategic rather than reactive.

Our journey has just started

Ultimately, building a robust threat management program is useful only if the threat intelligence coming out of it is actionable and put to good use. One of the use cases is Breach and Attack Simulation (BAS) exercises, which require credible threat intelligence with the right context. This is precisely what OpenCTI provides, making BAS a natural next step for us. With our new OpenBAS platform, you can leverage threat intelligence from OpenCTI to create and execute real-world breach and attack simulation scenarios. The two platforms are seamlessly integrated, combining the power of automation and simulation for a more effective security strategy.

At Filigran, we are rewriting the rules for threat management, one product at a time! More on eXtended Threat Management (XTM) and OpenBAS in my next blog. In the meantime, do explore our XTM hub, where you can get your hands on live demo access for both of our products and experience the usefulness of these platforms yourselves!
