U.S.T.A. (Unified Security Threat Alliance)
Threat intelligence platform monitoring deep and dark web to detect fraud, brand abuse, and adversarial threats.
Vendor Information
U.S.T.A. (Unified Security Threat Alliance) Overview
U.S.T.A. (Unified Security Threat Alliance) is a threat intelligence platform operating since 2012 serving banking, finance, e-commerce, aviation, insurance, energy, defense, and telecommunications sectors with five modules: Deep Sight for intelligence briefings, Security Intelligence for account takeover prevention and vulnerability detection, Brand Protection for anti-phishing and automated takedown services, Fraud Intelligence for stolen credit card detection with notifications under 60 seconds, and Attack Surface Management for external vulnerability identification. The platform monitors deep web, dark web, underground platforms, hacking forums, and threat actor channels including Jabber, Internet Relay Chat (IRC), Telegram, and Discord to deliver intelligence from adversarial sources rather than aggregated feeds.
The platform provides over 60 Application Programming Interfaces (APIs) for integration with Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms including Splunk and Cortex eXtended Security Orchestration, Automation and Response (XSOAR), enabling automated ingestion of Indicators of Compromise (IOCs) such as malware signatures, malicious Uniform Resource Locators (URLs), and phishing sites. Key capabilities include automated phishing and social media takedown, 24/7 leak database access, customized strategic intelligence reports by sector and country, Investigation Request module for malware analysis, and real-time fraud notifications under 60 seconds for stolen credit cards.
Developed by Prodaft, founded in 2012 by Can Yildizli (Chief Executive Officer) and Koryak Uzan (Vice President of Products & Services) and headquartered in Yverdon-les-Bains, Switzerland with offices in The Hague, Netherlands and Turkey, the company maintains approximately 52 employees while remaining bootstrapped. U.S.T.A. received Best Security Product of the Year in 2015 by Retail Banker and was featured in Red Herring's Top 100 companies in 2015, with a complete user interface revamp in 2025 featuring advanced filtering for threat analysis and investigation workflows.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Monitors dark web marketplaces for listings of network access to the organization, initial access broker activity typically precedes ransomware deployment by days to weeks.
Monitors paste sites, stealer log markets, and breach aggregators for credentials (email addresses, hashed passwords, plaintext passwords) associated with the organization's domains.
Monitors active ransomware group data leak sites for organization name, domain, or data sample publication, providing early warning of a ransomware incident or extortion attempt.
Indexes dark web forum and Telegram channel content for organization mentions, infrastructure targeting discussions, and employee targeting.
Implements controlled intelligence sharing with trusted peers, ISAC communities, and government entities through STIX/TAXII or proprietary sharing protocols with configurable TLP-based access controls.
Monitors dark web forums, marketplaces, and Telegram channels for mentions of the organization, leaked credentials, sale of access, and targeted threat actor activity.
Augments raw IoCs (IPs, domains, file hashes, URLs), with threat actor attribution, campaign context, confidence scores, and expiry dates to reduce false positive operational noise.
Pushes enriched IoCs directly into SIEM detection rules and SOAR playbook inputs, automating indicator lifecycle management rather than requiring manual export and import.
Ingests structured threat intelligence in STIX 2.x format over TAXII 2.1 from commercial, government, and ISAC feeds, normalizing indicators and TTPs into a common data model.
Maintains structured profiles of named threat actor groups with associated TTPs, infrastructure patterns, targeting history, and motivations, updated from multiple intelligence sources.
Integrations
Compatible tools and platforms
Solution Details
Compliance & Certifications
Regulatory frameworks and security certifications
Deployment Options
Where and how this solution can be deployed
Support Channels
Available support and communication options
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
Is this your company?
Claim Your Profile