When it Comes to Threat Intelligence, A Discerning Approach Pays

Organizations currently subscribe to an average of 7.5¹ threat intelligence services, up 44% from 2018. This increase highlights the growing importance placed on threat intelligence by security practitioners and recognizes the benefits of threat intelligence in the ongoing fight against cyber crime.

Although the statistics seem like a positive step forward, the increase of threat data from multiple vendors contributes to information overload in the SOC. This can lead to serious vulnerability problems. Threat intelligence data is not actionable without context and piling data on top of more data does not give organizations greater protection against the latest threats; it simply tasks security teams with hours of analysis.

Historically, comparing threat intelligence providers has not been easy, but the recent Forrester report compares 12 vendors, each of which have the following in common:

• They are large, global organizations that offer a comprehensive combination of vulnerability, brand and cyber threat intelligence
• Revenue gained from threat intelligence services represented at least $10m per annum, generated by servicing over 100 clients
• Vendors employed an extensive threat intelligence team with a diverse set of skills and cultural backgrounds

The 12 evaluated organizations were scored against 26 different criteria including: intelligence analysis, vulnerability intelligence, eliciting intelligence requirements, cyber threat intelligence, strategic partners, innovation roadmap and product vision. The criteria were grouped into three high-level categories that indicated the strength of each vendor’s current offering, strategy and market presence.

The report, published earlier this year, cites FireEye’s position as a leader in threat intelligence. FireEye received the highest possible scores in 18 of the 26 criteria. The Forrester report comments:

While attackers are constantly looking for ways to evade or defeat security measures, adapting as they are discovered or when their tactics stop working, threat intelligence collection must also develop new ways to track threat actors. FireEye Mandiant continually innovates its methods of data collection, investing heavily in human expertise around the world. Our team of 260 researchers generate thousands of reports, curating data from four sources:

FireEye Mandiant has a unique view into the threat landscape. The four different lenses used to analyze adversaries help us track threats throughout their lifecycle. While many threat intelligence vendors regurgitate the data they collect and leave SOC teams and analysts to sift through it, Mandiant Threat Intelligence applies unique algorithms and expert opinion to the data, transforming it into contextualized, actionable threat intelligence, complete with an M-Score—Mandiant’s in-house scoring system which rates the confidence level in each threat. Our browser plugin, search and filtering features enable users to access the latest threat intelligence whenever they need it, without undertaking hours of data processing.

Innovation and advances in technology are removing the need to stockpile threat intelligence data from multiple vendors. Instead, research the right vendors and ensure they deliver the tools you need to inform your team of the latest threats to your organization. This can considerably ease the burden on the SOC, giving teams more time to undertake proactive activities such as threat hunting.

READ THE REPORT >

¹ Forrester (March 23, 2021). The Forrester Wave™: External Threat Intelligence Services, Q1 2021