
Threat Intelligence Cuts SOC Response Times by 21 Minutes, ANY.RUN Claims

ANY.RUN claims its behavioral threat intelligence cuts SOC mean time to respond by up to 21 minutes, lowers Tier 1 workload by 20% and Tier 2 escalations by 30%.

Peter Olaleru/3 min/GB

Cybersecurity Editor

Source: Cyberpress

TL;DR: ANY.RUN claims its threat intelligence platform can reduce SOC response times by up to 21 minutes and cut Tier 1 workload by 20% while lowering Tier 2 escalations by 30%. The claim is based on data from over 600 k security professionals across 15 k+ organizations using its sandbox‑derived intelligence.

Context

Modern SOCs face alert overload, forcing analysts to spend time on manual enrichment instead of decision‑making. This delay increases dwell time and raises incident costs. Threat intelligence that supplies pre‑analyzed context can shrink the investigation loop.

Key Facts

ANY.RUN’s intelligence is built from daily sandbox analyses performed by more than 600 k analysts in over 15 k organizations worldwide. Using its TI Lookup tool, teams have reported up to a 20 % reduction in Tier 1 workload and up to a 30 % drop in Tier 2 escalations. Overall, behavioral intelligence from the platform has been linked to response‑time improvements of as much as 21 minutes per alert.

What It Means

Faster triage means threats are contained sooner, limiting dwell time and reducing the chance of credential abuse or lateral movement. Defenders should integrate ANY.RUN’s TI Feeds for real‑time IOCs, enable TI Lookup for instant context, and schedule regular TI Reports to guide threat‑hunting. Configuration steps include adding the feed to SIEM/EDR enrichment pipelines, setting up automated lookup scripts for IP/domain/hash queries, and tuning alert thresholds to reflect the reduced false‑positive rate. Watch for upcoming updates to ANY.RUN’s sandbox coverage and any new MITRE ATT&CK technique mappings they publish.
