CF20: 2024's 20 Top Threat Intelligence Providers

Omdia’s Elvia Finalle and Frost & Sullivan’s Martin Naydenov cite CrowdStrike among top threat intelligence providers. In May, CrowdStrike unveiled new cloud detection and response (CDR) innovations to unify managed threat hunting with deep visibility across cloud, identity and endpoints to speed detection and response across every stage of a cloud attack. Beginning with Microsoft Azure, new CDR innovations expand visibility into cloud control plane activity, strengthening existing threat hunting for cloud runtime environments.

ZeroFox is a strong contender in threat intelligence, Finalle and Naydenov said. In May, private equity firm Haveli Investments completed its acquisition of ZeroFox, taking the company private. Through this investment, ZeroFox will continue to expand its cybersecurity platform, invest in go-to-new market channels, and accelerate innovation to better protect customers.

Naydenov said Kaspersky is among leading threat intelligence providers.

Frost & Sullivan's Martin Naydenov

In April, Kaspersky introduced its new flagship product line, Kaspersky Next, combining endpoint protection with the transparency and speed of endpoint detection and response (EDR). Customers can choose one of two product tiers tailored to their business requirements, the complexity of their IT infrastructure and their available resources.

Finalle and Naydenov cite Recorded Future among top threat intelligence providers. In February, Recorded Future AI emerged from beta to augment humans and defend democracy against converging global threats. Expanding Recorded Future AI capabilities, the new enterprise capabilities offer every analyst across an organization a generative AI-based assistant for intelligence and defense, as well as the ability to software-define very large enterprise threat surfaces in physical and cyber space, and use those in AI analytics.

IBM is among top threat intelligence contenders, Finalle and Naydenov said.

“The threat intelligence market has not changed dramatically,” said Forrester’s Brian Wrozek. “Threat intelligence service providers are repackaging their offerings to make it easier to consume. They are enhancing the UI/UX to make it easier for analysts to work within their platforms. Another beneficial feature is the addition of enhanced generative AI capabilities to make it easier to summarize and query large volumes of data.”

Finalle and Naydenov name Google Cloud/Mandiant among top threat intelligence providers. In May, Google unveiled Google Threat Intelligence, a new Google Cloud Security offering. The service aims to provide organizations with enhanced visibility into the global threat landscape, enabling them to better protect digital assets and respond to emerging cybersecurity threats.

NSFocus is a top threat intelligence provider, Finalle and Naydenov said. Last October, NSFocus announced a comprehensive suite of security offerings designed to enhance the continuous threat exposure management (CTEM) program for organizations of all sizes. CTEM is a five-step process that allows organizations to identify, assess and mitigate cyber threats continuously and consistently.

Finalle said Microsoft is among top threat intelligence contenders.

“For a vendor to provide a good threat intelligence solution, they need to be able to get feedback from their clients and end users, revisit their logistics and adopt the way data is being analyzed, and how good the recommendations and solutions are getting formulated and integrated,” she said. “Threat intelligence solutions should also be able to distinguish themselves from other alternatives such as open-source intelligence, and make sure that they are able to provide users with not only data-driven strategies, but provide a deep understanding of the unique environment, and give insights that must be actionable.”

Cyware is among top threat intelligence contenders, Finalle and Naydenov said. In May, Cyware announced the launch of Cyware Quarterback, an AI-powered interface, which will provide its enterprise customers and network members a way to efficiently perform actions on their security infrastructure. Cyware Quarterback adds an AI layer on any organization's set of disparate cybersecurity tools to assist in complex decision-making and effectiveness.

Finalle cited Palo Alto Networks among top threat intelligence contenders. In May, Palo Alto Networks introduced a host of new security solutions to help enterprises thwart AI-generated attacks and secure AI by design. Leveraging Precision AI, the new proprietary innovation that combines machine learning (ML) and deep learning (DL) with the accessibility of generative AI, the vendor is delivering AI-powered security that can outpace adversaries, and more proactively protect networks and infrastructure.

Naydenov said ThreatConnect is a top threat intelligence provider. In April, ThreatConnect announced the release of ThreatConnect 6.5. This release introduces new capabilities that provide security operations and cyber threat intelligence (CTI) analysts with an improved threat intelligence and investigations experience with better visualizations, more context and more automation. It also introduces enhancements for multitenant environments and optimizes the analyst experience by reducing management overhead and streamlining analysts’ ways of working.

Bitdefender is focused on good team support when clients have questions or come across issues when utilizing its threat intelligence solution, Finalle said. It also has scans that go after any types of threats, and helps users eliminate them without them having to work manually.

Cybersixgill is among leading threat intelligence providers, Naydenov said.

“Cyberattacks are increasing in sophistication, volume and diversity, propelled by AI advancements and carried out by specialized threat actors, including criminals and nation-states,” he said. “As a result, businesses face heightened risks, particularly phishing attacks, prompting a shift in cybersecurity spending toward proactive security, such as threat intelligence to gain insights into attackers’ methods and motivations.”

Trend Micro is among top threat intelligence contenders, Finalle said. In May, Trend Micro launched additional AI-powered functionality in its Trend Vision One platform to secure organizational use of AI and better manage the risks associated with mass adoption of new AI tools. The new capabilities aim to protect every person accessing public or private generative AI services across organizations.

Naydenov cites Flashpoint among top threat intelligence providers. Flashpoint’s cyber threat intelligence (CTI) solutions and approach combine technology with human expertise. This ensures its cybersecurity services can be tailored to a wide range of clients, across the financial services, government, retail, health care and technology sectors.

Trellix ranks among top threat intelligence contenders, Finalle said.

Wrozek said threat intelligence is a crowded and established market, but that doesn’t stop new startups from “joining the fun.”

“Some providers are expanding their portfolio to cover a comprehensive set of use cases, while others are doubling down to focus on specific areas like malware analysis or anti-fraud intelligence,” he said. “Another trend is new entrants providing regional and industry specific intelligence. New entrants will be challenged to demonstrate how they differentiate from the competition and compete against established providers who have name recognition and historical data for analysis on their side.”

Finalle names Avast among top threat intelligence providers.

“Their threat intelligence solution works by pulling data from Avast users, scanning multiple URLs and proclaiming that they are one of the largest threat detection networks in the world,” she said.

OpenText ranks among top threat intelligence providers, Finalle said. In May, OpenText announced it had acquired Pillr, a managed detection and response (MDR) platform, from Novacoast. OpenText said the combination of its security expertise with Pillr’s technology provides enhanced threat hunting, monitoring and response.

Finalle cites Rapid7 among top threat intelligence contenders. Last November, Rapid7 announced its newest innovation in AI-driven threat detection for the cloud. This enhancement improves security operations center (SOC) teams’ visibility and response time to cyber threats across public cloud environments.

Proofpoint ranks among top threat intelligence providers, Finalle said. In May, Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection. The newest email security capabilities are:

Proofpoint ranks among top threat intelligence providers, Finalle said. In May, Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection. The newest email security capabilities are: