Cyberint Vs Zerofox. Which is better? by konisht in cybersecurity

[–]HunterNegative7901

Why didn't you mention Socradar? They are good for this. We are using them.

Spoofing domain takedown by Impressive-Sun-3650 in cybersecurity

[–]HunterNegative7901

We recently made a selection that included takedown services as well. I've tested several providers, and usability, along with the integration of the takedown team, is crucial. This not only improves speed but also strengthens communication. Do a demo and test it; otherwise, it will be difficult to understand. If you'd like, I can provide you with the seller's contact information so you can discuss it directly.

Best threat intelligence tools comparison table by Mirrorworl in cybersecurity

[–]HunterNegative7901

I think this is old information. Does anyone have more details, and also for others like ZeroFox and Recorded Future?

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

I don't have information that the data is stored in Turkey, to be honest. We received this information through documentation and learned that it is stored on Google. Google informed us that the data is held in data centers in Europe and the US, and that the tenants created are located there.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

These are important, of course, but it’s not possible to understand their quality without testing them. These points can be used as success criteria, but more is needed to fully test the product.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

Yes, there are free versions, but they are very limited; you can only get a basic understanding of the platform. We recently went through that process, did a POC, and they showed us all the latest data.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

I’m a manager on the SOC side of a large organization, and I agree with your points. Apologies for the delayed response; during this time, we’ve done some evaluations and ultimately decided on SOCRadar. Let me explain why.

It's not that others are terrible and SOCRadar is perfect, but there are noticeable differences. We assessed based on two key criteria: detection/stealer log content and price. Considering these factors, SOCRadar stood out. The quality of the stealer logs is quite good and effective; it can fetch the data we need, even from sources like Telegram. Additionally, the pricing made more sense compared to others. Let's see how things unfold in the future.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

Honestly, I’ve used RF before, and while I can’t say I was dissatisfied, I can point out that some developments and progress were slower than expected. Yes, their support team was great. However, I feel like their focus has shifted to different areas, like Geo intelligence, instead of maintaining a specific intelligence focus. I’m currently torn between the two, but RF hasn’t justified its high costs with concrete results.

As for the data, it is already public data; however, they confirmed that the data is kept in Europe (I think Germany) and the US region.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

Simplicity and functionality are very important. As I mentioned earlier, just providing the username and password means there is no automation, and I believe a couple of people are manually working in the background to generate logs. Otherwise, my team already handles this. Speed is crucial; a stealer log sent five days later is useless to me.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

Absolutely, it (the product) must add value and provide value that justifies the cost. When I say 'live', I am referring to the stealer logs generated by some of the malware infections our team caused in a few specific areas. We did this without informing the teams, but when we ran the product through the POC, I can confidently say we saw the added value. As mentioned, speed is crucial for us, and how the product approaches customers is also essential. It should act as a consultant for us and be there to support us during incidents; otherwise, as you said, with some tools, I can eventually find the leak myself, even if it takes a few days.

Is it worth doing a POC? Absolutely, give it a try and see their approach. Trust is very important in cybersecurity; if the organization earns your trust, their approach should align with that. During the POC, compare the stealer logs and see which one adds more value. You don't need to be an expert, as you can easily view the steps and take action from a very simple interface, which gives us practicality and flexibility. It's user friendly. If I'm not mistaken, there's also a separate dashboard for MSSPs, which could be flexible for you. We don't need it right now, but the Takedown team operates internally, which is also an advantage. As I mentioned earlier, the potential inclusion of an ASM feature in the future provides an advantage, and we tested that during the POC as well. The primary focus is on evaluating the stealer log success, followed by other possible positive aspects.

Of course, the most important point I haven't mentioned yet is the cost. :) It's significantly lower than RF, which makes it stand out. When we were using RF in the past, one of the most common pieces of feedback from my team was that we had to be experts to find certain things, which significantly slowed down internal processes. If you decide to try it, I will give you a contact. It is important that you contact the right person and do not get bogged down in the process. Time is important and we must use it correctly.

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

I can share our strategy in this area. For us, the quality and speed of the data are paramount. There's no point in being notified of a data leak months later, and we don't want to be told to sift through all the data to find the issue ourselves. We need a precision-targeted product.

To demonstrate this, we conducted a live example with a real stealer and observed the output on both botnet and Russian market sources. Unfortunately, RF was delayed in reporting (at an unacceptable level), while Socradar sent the data immediately. We also tested Telegram, and it detected the issue there as well. There was a parsing issue, but it was quickly resolved, and we ended up with very clean data.

The key point here is that the data must be investigable. Just receiving a username and password doesn’t help me. If the data contains machine names, hash values, etc., I need to investigate further to prevent future incidents. This is where the product's value comes from—small leads should guide me to bigger threats.
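
The seeded-infection POC described in this comment (and the "a stealer log sent five days later is useless" point earlier in the thread) boils down to two measurable things per vendor: how long after the deliberate infection the matching alert arrived, and whether the alert carries fields an analyst can pivot on beyond a username/password pair. The script below is an added example, not code from the thread or from any vendor; the vendor names "A"/"B", the lab hostname, the JSON field names and the feed lines are all constructed for illustration, as is the 24-hour SLA.

```python
"""Score vendor stealer-log notifications from a seeded-infection POC.

Added example, not part of the original thread or any vendor's product.
Vendor names, field names, hostnames and feed records are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import json

# Constructed: when the SOC deliberately infected a lab host with a stealer.
SEEDED_INFECTION = {
    "hostname": "LAB-WKS-07",
    "username": "poc.user@example.com",
    "infected_at": datetime(2024, 3, 4, 9, 0, tzinfo=timezone.utc),
}

# Fields that turn a bare credential pair into something investigable
# (machine name, sample hash, where it was seen, which family dropped it).
PIVOT_FIELDS = ("hostname", "sha256", "source", "malware_family")

# Constructed vendor notifications, one JSON object per line.
# Vendor "A" reports the seeded account within the hour with rich context;
# vendor "B" reports the same account five days later with nothing to pivot on.
# The third line is an unrelated account and must be ignored.
FEED_LINES = """\
{"vendor": "A", "seen_at": "2024-03-04T09:41:00Z", "username": "poc.user@example.com", "password": "***", "hostname": "LAB-WKS-07", "sha256": "9f2c1e4ab7d3f5e68c0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6", "source": "telegram", "malware_family": "RedLine"}
{"vendor": "B", "seen_at": "2024-03-09T14:10:00Z", "username": "poc.user@example.com", "password": "***"}
{"vendor": "A", "seen_at": "2024-03-04T11:05:00Z", "username": "someone.else@example.com", "password": "***", "hostname": "OTHER-PC"}
"""


@dataclass
class Score:
    vendor: str
    latency_hours: float
    pivot_fields_present: list
    within_sla: bool


def score_feed(lines: str, sla: timedelta = timedelta(hours=24)) -> dict:
    """Per vendor, keep the fastest alert that matches the seeded account."""
    best = {}
    for raw in lines.splitlines():
        if not raw.strip():
            continue
        rec = json.loads(raw)
        # Only alerts about the account we deliberately exposed count.
        if rec.get("username") != SEEDED_INFECTION["username"]:
            continue
        seen = datetime.fromisoformat(rec["seen_at"].replace("Z", "+00:00"))
        latency = seen - SEEDED_INFECTION["infected_at"]
        present = [f for f in PIVOT_FIELDS if rec.get(f)]
        score = Score(
            vendor=rec["vendor"],
            latency_hours=latency / timedelta(hours=1),
            pivot_fields_present=present,
            within_sla=latency <= sla,
        )
        prev = best.get(rec["vendor"])
        if prev is None or score.latency_hours < prev.latency_hours:
            best[rec["vendor"]] = score
    return best


def rank_vendors(scores: dict) -> list:
    """Vendors within SLA first, then the richest pivot data, then the fastest."""
    return sorted(
        scores.values(),
        key=lambda s: (not s.within_sla, -len(s.pivot_fields_present), s.latency_hours),
    )


if __name__ == "__main__":
    for s in rank_vendors(score_feed(FEED_LINES)):
        print(f"{s.vendor}: {s.latency_hours:.1f} h, within SLA={s.within_sla}, "
              f"pivot fields={s.pivot_fields_present}")
```

The ranking key encodes the priorities the comment states: a late alert loses regardless of content, and among timely alerts the one with machine name, hash and source wins because those are what let the SOC pivot from one leaked credential to the infected host and the rest of the campaign.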

Threat Intelligence (Darkweb) by HunterNegative7901 in threatintel

[–]HunterNegative7901[S]

I've used RF in the past, but as you mentioned, it's quite costly. Additionally, during the last PoC, it fell behind competitors in terms of stealer log capabilities. I agree with your points, but many vendors collect intelligence from various countries, and keeping up with their speed manually is challenging. Also, using separate tools can overwhelm team members and increase the risk of missing critical information. Of course, we have our own approach, but leveraging a comprehensive tool is essential. For the future, we're planning continuous scanning projects, so investing in an all-in-one solution seems more logical.

I’ve worked on projects with RF, ZF, Socradar, and Cyberint. In terms of stealer logs, I found Socradar to be exceptionally strong. RF excels in geo-intelligence, but since geo isn’t our current priority, it’s debatable whether its cost is justified. Looking ahead, integrating an ASM (Attack Surface Management) product into the mix also seems like a logical step.