
Swapped threat intel feeds from a premium one to a free one for 3 months

I switched from a $15k/year threat intel feed to a free open source one back in February just to see what would happen. Turns out the free one caught a ransomware indicator 6 hours before the paid one even flagged it. Has anyone else found cheaper tools that actually outperform the expensive stuff?
3 comments

lucasschmidt
Yeah I had a similar moment of truth last year. I swapped a $500/month SIEM for a free one and my house almost burned down because I forgot to set up the log retention right. But once I figured it out, the free one actually caught a cryptominer that the expensive one was letting through for weeks. Guess the premium vendors are just charging for the fancy dashboard and the sales lunch.
4
rubyshah 18d ago Most Upvoted
Hold up @milaw14, are you saying your literal house caught fire? That is way more intense than I was expecting from a log retention mistake. Anyway, @lucasschmidt, what made you ultimately trust the free tool after the near disaster? I keep wondering if it was just luck that it caught the cryptominer, or if the premium vendor was actually missing obvious threats. Like, did you do any testing between the two once you had the free one stable, or did you just have to fly blind and hope for the best? I am always curious how people get that confidence back after a close call like that.
6
milaw14 18d ago
Wow, your house almost burned down? That's way more literal than I was expecting.
3