A threat intelligence platform that does the work.
Many platforms hand you the tools and leave the lifecycle to your team. Liberty91 runs the whole thing, collection, analysis, production, and delivery, and tailors the output to each organisation it covers. Real intel at machine speed, with no team to build.
Start Free TrialWhat a threat intelligence platform should do.
A threat intelligence platform is supposed to carry the full lifecycle, not just store indicators. Liberty91 runs every stage and keeps the output specific to you.
Collect
Pull from hundreds of sources continuously, security news, vendor reporting, premium intelligence, dark web, and social, without anyone stitching feeds together by hand.
Analyse
Read every event against the Intelligence Requirements that matter to each organisation, enrich the indicators, and assess relevance to that specific organisation rather than to the world in general.
Produce
Turn what matters into finished products: written reports, IOC lists, Sigma detection rules, and STIX 2.1 bundles, drafted and ready to use rather than left as raw data to process.
Deliver
Dispatch the right product to the right person and the right system through Mailroom, with an auditable record of every send. Intelligence only reduces risk once it reaches whatever acts on it.
Platform, feed, tool, or service?
The terms get used interchangeably, so it is worth being precise. A threat intelligence feed is raw input, a stream of indicators that someone still has to collect, deduplicate, and turn into something a stakeholder can act on. A threat intelligence tool or platform is what aggregates those inputs, enriches them, analyses relevance, and produces finished intelligence.
Threat intelligence as a service means that whole lifecycle is run for you and delivered as an ongoing service, rather than a stack you build and staff yourself. Liberty91 sits where those two ideas meet: a platform that is delivered as a service, so you get finished, tailored intelligence without operating the machinery behind it.
Read the full explainer: what is a threat intelligence platform (TIP)? →
What makes Liberty91 different.
Plenty of platforms aggregate and store. The difference is what happens after collection: how specific the intelligence is to you, and how little work it leaves on your desk.
Tailored to each organisation
Every organisation has its own self-maintaining Intelligence Requirements, derived from its assets, suppliers, sector, and geography. Two organisations in the same industry get different reports because their requirements are different. The relevance call is made for them, not for a generic audience.
Finished intelligence, not just feeds
A feed gives you indicators someone still has to collect, deduplicate, and contextualise. Liberty91 does that work and hands over finished reporting with the context, the detection content, and the recommended action attached.
Delivered to people and tooling
Reports for the humans who need the read, plus IOC lists, Sigma rules, and STIX 2.1 bundles for the SIEM, SOAR, firewall, and threat intelligence platform downstream. Structured and scored, so automated and AI security agents can consume it directly.
Real intel at machine speed, no team to build
You get the output of a mature CTI function without standing up a large analyst practice, licensing sources one by one, or running a 12-month build. The platform runs the lifecycle; your people apply judgement instead of doing the plumbing. If you already have a team, it is a multiplier: the same analysts cover far more ground, faster, and the work that gets done is more relevant and more actionable.
Built for MSSPs and mid-market budgets
Run it multi-tenant across a whole customer base under your own brand, or run it for a single mid-market team that historically could not justify a dedicated intelligence programme. Priced so the economics work either way.
An auditable trail of delivery
Mailroom writes every report, IOC list, detection rule, and STIX bundle to a Sent log you can filter per organisation. That is the evidence you bring to a review, a renewal, or an internal audit of what was shared and when.
Built around Intelligence Requirements.
The reason the output is specific to you is the spine of the platform. Intelligence Requirements are self-maintaining knowledge bases on the topics you care about: sectors, malware families, threat actors, suppliers, assets, and the concerns unique to your organisation. The platform keeps them current and reads every incoming event through every relevant one, so each report lands with cumulative context rather than starting from a blank page.
Anything you author, and the data you feed it, stays private to you. Practitioners often call these Priority Intelligence Requirements; they are the same concept, prioritised, and on Liberty91 the platform handles the prioritisation continuously.
How Intelligence Requirements work →Comparing threat intelligence platforms?
If you are weighing up the options, it helps to look at each one on its own merits and decide which fit your team and budget. We keep a set of objective, factual comparisons for the platforms people ask about most.
See the comparisons →Frequently Asked Questions.
Ready to do more with less?
Request a demo or start your free trial today. Get instant access to AI-powered threat intelligence tailored to your organisation.