Reviewing the threat intelligence features of VeriSign iDefense

Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.

VeriSign Inc., based in Reston, Va., has been a part of the threat intelligence industry since 1998.

The company's intelligence offering, VeriSign iDefense Security Intelligence Services, is a collection of vendor-agnostic services designed to complement an organization's existing security defenses and staff. The global intelligence component analyzes public and private information and provides actionable intelligence regarding zero-day threats, malware and similar vulnerabilities, as well as threats against critical infrastructures from a variety of political and social actors. The suite of services also includes assistance with incidents and response, vulnerability management and fraud-related risk management.

Although VeriSign iDefense threat intelligence provides real-time threat data feeds for select systems, the service also delivers actionable intelligence reports that detail country and regional emerging events, as well as customized reports on issues that pose credible risks to specific industries and organizations.

Verisign delivers iDefense security intelligence through VeriSign IntelGraph, a security intelligence platform and an API that provides context to data. Users can search IntelGraph and then, according to its website, "visualize and contextualize relationships between elements" within the intelligence knowledge base.

Using IntelGraph, customers may search for threat information and receive automated daily intelligence alerts and periodic summary and trend reports that focus on known and emerging threats, types of adversaries, their capabilities, and the evolution of their tactics, among other relevant intelligence.

Customers can also correspond with threat intelligence subject matter experts who specialize in malware analysis and response strategies to better protect their networks and confidential data.

Data feeds

Data for VeriSign iDefense feeds is collected from over 45,000 monitored systems and applications from over 700 vendors. Using both human and automated techniques, iDefense filters, analyzes, categorizes and prioritizes the resulting information according to organization relevance, severity and criticality. Customers can integrate the feeds into certain security management systems, such as RSA Archer, HPE ArcSight, RiskVision (formerly known as Agiliance), Skybox Security and Qualys Vulnerability Management.

Typical customer

VeriSign iDefense customers are typically midsize to enterprise organizations, such as corporations, financial institutions and government agencies.

Pricing and licensing

The cost of VeriSign iDefense varies greatly, and is customized for each customer based on the scope of service, such as the number and frequency of customized reports.


VeriSign offers 24/7 year-round standard support to iDefense customers through its Customer Service Center and technical experts -- technical account management services are available for an additional fee. Malware analysis and immediate assistance with external attacks is also available on a per-incident basis for a fee. Free resources on the VeriSign website include white papers, cyberthreat reports, webinars and a threat intelligence blog.

Next Steps

Learn the five key criteria for evaluating threat intelligence services

See how the top threat intelligence services stack up against each other

Dig Deeper on Risk management

Enterprise Desktop
Cloud Computing