GigaOm Radar for Threat Intelligence Solutionsv1.01

1. Summary

Risk-based cyber defense strategies and secure infrastructures require validated and actionable threat intelligence (TI). The adoption of intelligence-based approaches for enterprise security operations and risk management has grown steadily as the threat landscape and the amount of data required to implement an intelligence-led cybersecurity framework has increased year over year. The threat intelligence lifecycle is a big data and data analytics problem. This is especially true for threat intelligence platforms (TIPs) that are casting a wide net to collect billions of data points, all of which must be fed through their threat intelligence pipelines.

In general, there are two approaches to threat intelligence solutioning, though both share the same goal: to help organizations protect their environments, endpoints, and assets from known or emerging cyber threats. TIPs will correlate logs and telemetry data against the database of threat data and information, while TI providers take a more focused approach by scoping the collection and correlation through queries or client-specific threat intelligence programs. The decision whether to implement a TIP or a TI provider will come down to the specific requirements and the use case of the organization. As an example, security operations and vulnerability management will see a short time to value from the broader collection and correlation of a TIP, and threat hunters will see immediate value from the reduced scope and the more precise querying ability delivered by Tl providers.

Threat intelligence is still an evolving space. While the belt that has historically restricted security organizations has loosened, many security teams remain overwhelmed and face burn out. This issue is exacerbated when their existing threat intelligence solution is inadequate—causing security teams to waste hours investigating unreliable data and noise.

Digital transformation and the increasing number of remote and hybrid workers have drastically changed the way security professionals work. To optimize their approach to detection and response, security professionals must implement proactive strategies in place of reactionary ones. Even the best reactionary strategies are inadequate when attempting to stop mid-level adversaries.

Knowing the tactics, techniques, or procedures (TTPs) of your organization’s threats can help you plan, test, and engineer effective detections and responses before an incident. Put more simply, proactive intelligence-based threat strategies accelerate the effectiveness and reactiveness of your threat defense and incident response organizations.

This GigaOm Radar report highlights key threat intelligence vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Threat Intelligence Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.