Threat Intelligence

Subex Secure Threat Intelligence platform provides reliable, detailed, real-time intelligence information of global IT, OT, and IoT threats with a contextual understanding of techniques used by adversaries, the impact of an event with actionable mitigation steps. Subex Secure’s threat intelligence uncovers the Cyber KILL CHAIN and steps taken by adversaries to achieve their targets, helping Security leaders, SecOps and Incident Response teams to proactively identify IOCs (Indicators of Compromise), and enhance their security controls against new and complex IT-OT and IoT cyber threat landscape.


With STIX/TAXII, as an industry-recognized threat intelligence exchange format, ingesting and integrating cyber threat intelligence within organizations’ security programs is becoming seamless and automated. IOCs, active and passive exploits can be represented in the form of objects and detailed relationships. Subex Secure threat intelligence consolidated threat intelligence feeds are provided in STIX/TAXII format and APIs. This allows you to leverage intelligence information to strengthen your IT-OT and IoT security for mitigating and remediating through automated fashion, including integrations with your SIEM, firewalls, EDR, IDPS, and SOAR.

Subex Secure Threat Intelligence

IT-OT converged networks and connected ecosystems such as IoT, relevant threat intelligence is critical. While there are several generic threat intelligence sources, Subex Secure’s threat intelligence combines over 35+ external syndicated sources combined with one of the largest organic IoT and OT specific honeypot repositories, deployed across 70+ global locations, tracking 12m+ IoT/OT intrusions, with 6000+ devices and 400+ types of architectures. This generates about 28%+ organic threat intel information that makes Subex Secure Threat Intelligence the most advanced in the market. In addition, we use advanced AI techniques and analysis based on the MITRE ATT&CK framework to categorize IT, OT, and IoT threat indicators, adversary tactics, techniques and procedures, the reputation of domains, blacklisted IPs, and more.

Subex Secure’s global IoT and OT honeypot discovers and maps over 80,000 samples of IT/OT and IoT threats daily, analyzes endpoints such as devices, webapps, PLCs, RTU’s etc., running diverse set of services, protocols, architecture, operating systems and applications. This information is analyzed to capture – IOCs, risks to policies, procedures, misconfigurations, and exploits are identified and reported in the form of Subex threat Intelligence Objects. The data is consolidated in a centralized cloud database accessible through STIX 2.x formats, user-based authentication and/or APIs.

Threat Intelligence Feeds –

Using Subex Secure ‘s TAXII server, customers can subscribe to the feeds that is STIX-formatted threat intelligence while also connecting compatible TAXII clients directly to visualize threat intelligence data or integrate with other watchlists. This TAXII server provides metrics like IOCs, Packet Rules, STIX indicators, threat definitions, vulnerabilities, potential exploits, and scores IoT and OT intelligence. Subex Secure threat intelligence feeds licenses can be based on users, time-bound, and/or based on request limits.

APIs are available with documentation that is provided for customers to directly integrate threat intelligence information to existing systems or a compatible client.

Subex Secure Threat Intelligence platform helps users

  • Stay up-to-date with the latest and emerging IoT/OT threat Information with intuitive dashboards.
  • Be informed about new additions to threat intelligence being added
  • Easily categorize between IT, OT, and IoT-specific threat information.
  • Identify and study file-based and network-based attacks.
  • Link various steps of the kill chain from IOCs to exploits with TTPs.


STIX objects can directly be analyzed from within the platform by searching and selecting the threat category of interest. This list provides all available STIX objects that are available for deeper analysis.

Attack information is available with intelligence details such as Indicators, observed data, vulnerabilities, network traffic, Infrastructure, attack pattern, and locations. The topology view (link analysis) provides deeper insight into how an adversary navigates through each step of the KILL chain to achieve the target and execute malicious functions.

Attack Patterns indicate the different tactics that can be used to exploit IoT/OT infrastructure. The threat Intelligence platform is regularly updated to ensure the latest tactics are updated within the platform. Course-of-Action objects enable users to identify the steps required to mitigate underlying threat and integrate it within their existing or build necessary security controls.

Get Started with Subex

Schedule a Demo
close slider

    I consent to receive communications from Subex Limited. Confirm Opt-In