CF20: 2024's 20 Top Threat Intelligence Providers
CrowdStrike, Proofpoint and Palo Alto Networks all made our list. See who else did and why.
Omdia’s Elvia Finalle and Frost & Sullivan’s Martin Naydenov cite CrowdStrike among top threat intelligence providers. In May, CrowdStrike unveiled new cloud detection and response (CDR) innovations to unify managed threat hunting with deep visibility across cloud, identity and endpoints to speed detection and response across every stage of a cloud attack. Beginning with Microsoft Azure, new CDR innovations expand visibility into cloud control plane activity, strengthening existing threat hunting for cloud runtime environments.
ZeroFox is a strong contender in threat intelligence, Finalle and Naydenov said. In May, private equity firm Haveli Investments completed its acquisition of ZeroFox, taking the company private. Through this investment, ZeroFox will continue to expand its cybersecurity platform, invest in go-to-new market channels, and accelerate innovation to better protect customers.
Naydenov said Kaspersky is among leading threat intelligence providers.
Frost & Sullivan's Martin Naydenov
In April, Kaspersky introduced its new flagship product line, Kaspersky Next, combining endpoint protection with the transparency and speed of endpoint detection and response (EDR). Customers can choose one of two product tiers tailored to their business requirements, the complexity of their IT infrastructure and their available resources.
Finalle and Naydenov cite Recorded Future among top threat intelligence providers. In February, Recorded Future AI emerged from beta to augment humans and defend democracy against converging global threats. Expanding Recorded Future AI capabilities, the new enterprise capabilities offer every analyst across an organization a generative AI-based assistant for intelligence and defense, as well as the ability to software-define very large enterprise threat surfaces in physical and cyber space, and use those in AI analytics.
IBM is among top threat intelligence contenders, Finalle and Naydenov said.
“The threat intelligence market has not changed dramatically,” said Forrester’s Brian Wrozek. “Threat intelligence service providers are repackaging their offerings to make it easier to consume. They are enhancing the UI/UX to make it easier for analysts to work within their platforms. Another beneficial feature is the addition of enhanced generative AI capabilities to make it easier to summarize and query large volumes of data.”
Finalle and Naydenov name Google Cloud/Mandiant among top threat intelligence providers. In May, Google unveiled Google Threat Intelligence, a new Google Cloud Security offering. The service aims to provide organizations with enhanced visibility into the global threat landscape, enabling them to better protect digital assets and respond to emerging cybersecurity threats.
NSFocus is a top threat intelligence provider, Finalle and Naydenov said. Last October, NSFocus announced a comprehensive suite of security offerings designed to enhance the continuous threat exposure management (CTEM) program for organizations of all sizes. CTEM is a five-step process that allows organizations to identify, assess and mitigate cyber threats continuously and consistently.
Finalle said Microsoft is among top threat intelligence contenders.
“For a vendor to provide a good threat intelligence solution, they need to be able to get feedback from their clients and end users, revisit their logistics and adopt the way data is being analyzed, and how good the recommendations and solutions are getting formulated and integrated,” she said. “Threat intelligence solutions should also be able to distinguish themselves from other alternatives such as open-source intelligence, and make sure that they are able to provide users with not only data-driven strategies, but provide a deep understanding of the unique environment, and give insights that must be actionable.”
Cyware is among top threat intelligence contenders, Finalle and Naydenov said. In May, Cyware announced the launch of Cyware Quarterback, an AI-powered interface, which will provide its enterprise customers and network members a way to efficiently perform actions on their security infrastructure. Cyware Quarterback adds an AI layer on any organization's set of disparate cybersecurity tools to assist in complex decision-making and effectiveness.
Finalle cited Palo Alto Networks among top threat intelligence contenders. In May, Palo Alto Networks introduced a host of new security solutions to help enterprises thwart AI-generated attacks and secure AI by design. Leveraging Precision AI, the new proprietary innovation that combines machine learning (ML) and deep learning (DL) with the accessibility of generative AI, the vendor is delivering AI-powered security that can outpace adversaries, and more proactively protect networks and infrastructure.
Naydenov said ThreatConnect is a top threat intelligence provider. In April, ThreatConnect announced the release of ThreatConnect 6.5. This release introduces new capabilities that provide security operations and cyber threat intelligence (CTI) analysts with an improved threat intelligence and investigations experience with better visualizations, more context and more automation. It also introduces enhancements for multitenant environments and optimizes the analyst experience by reducing management overhead and streamlining analysts’ ways of working.
Bitdefender is focused on good team support when clients have questions or come across issues when utilizing its threat intelligence solution, Finalle said. It also has scans that go after any types of threats, and helps users eliminate them without them having to work manually.
Cybersixgill is among leading threat intelligence providers, Naydenov said.
“Cyberattacks are increasing in sophistication, volume and diversity, propelled by AI advancements and carried out by specialized threat actors, including criminals and nation-states,” he said. “As a result, businesses face heightened risks, particularly phishing attacks, prompting a shift in cybersecurity spending toward proactive security, such as threat intelligence to gain insights into attackers’ methods and motivations.”
Trend Micro is among top threat intelligence contenders, Finalle said. In May, Trend Micro launched additional AI-powered functionality in its Trend Vision One platform to secure organizational use of AI and better manage the risks associated with mass adoption of new AI tools. The new capabilities aim to protect every person accessing public or private generative AI services across organizations.
Naydenov cites Flashpoint among top threat intelligence providers. Flashpoint’s cyber threat intelligence (CTI) solutions and approach combine technology with human expertise. This ensures its cybersecurity services can be tailored to a wide range of clients, across the financial services, government, retail, health care and technology sectors.
Trellix ranks among top threat intelligence contenders, Finalle said.
Wrozek said threat intelligence is a crowded and established market, but that doesn’t stop new startups from “joining the fun.”
“Some providers are expanding their portfolio to cover a comprehensive set of use cases, while others are doubling down to focus on specific areas like malware analysis or anti-fraud intelligence,” he said. “Another trend is new entrants providing regional and industry specific intelligence. New entrants will be challenged to demonstrate how they differentiate from the competition and compete against established providers who have name recognition and historical data for analysis on their side.”
Finalle names Avast among top threat intelligence providers.
“Their threat intelligence solution works by pulling data from Avast users, scanning multiple URLs and proclaiming that they are one of the largest threat detection networks in the world,” she said.
OpenText ranks among top threat intelligence providers, Finalle said. In May, OpenText announced it had acquired Pillr, a managed detection and response (MDR) platform, from Novacoast. OpenText said the combination of its security expertise with Pillr’s technology provides enhanced threat hunting, monitoring and response.
Finalle cites Rapid7 among top threat intelligence contenders. Last November, Rapid7 announced its newest innovation in AI-driven threat detection for the cloud. This enhancement improves security operations center (SOC) teams’ visibility and response time to cyber threats across public cloud environments.
Proofpoint ranks among top threat intelligence providers, Finalle said. In May, Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection. The newest email security capabilities are:
Pre-delivery defense against both social engineering threats and malicious links.
New adaptive email security capabilities, offering a fully integrated layer of behavioral AI-based defense post-delivery to stop targeted threats such as lateral internal phishing and advanced email fraud for the most at-risk employees, all while offering API integration with Microsoft 365.
Proofpoint ranks among top threat intelligence providers, Finalle said. In May, Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection. The newest email security capabilities are:
Pre-delivery defense against both social engineering threats and malicious links.
New adaptive email security capabilities, offering a fully integrated layer of behavioral AI-based defense post-delivery to stop targeted threats such as lateral internal phishing and advanced email fraud for the most at-risk employees, all while offering API integration with Microsoft 365.
Threat intelligence is in higher demand than ever as cyberattacks are relentless and security professionals need all the help they can get to give them an edge in this fight.
Threat intelligence platforms consolidate and deduplicate intelligence information, and help analysts act on findings. Services may integrate threat intelligence with other aspects of security services. Those include managed security services or managed IT infrastructure.
Our latest CF20 for the third time focuses on threat intelligence providers. Analysts with Omdia, Forrester and Frost & Sullivan weighed in on threat intelligence market trends and what it takes to be a successful threat intelligence provider.
According to Verified Market Research, the global threat intelligence market totals nearly $11 billion and should reach nearly $39 billion by 2031, registering a compound annual growth rate (CAGR) of 18.95%
Threat Intelligence Improves Decision Making
Brian Wrozek, principal analyst of security and risk at Forrester, said the appetite for threat intelligence continues to grow for many reasons.
Forrester's Brian Wrozek
“Threat actors constantly change their infrastructure, malware and attack approaches, forcing organizations to keep up,” he said. “Threat intelligence greatly improves decision making. This is especially important with time-sensitive tasks like incident response and threat hunting to minimize the impact. Insights into the tactics, techniques and procedures (TTPs) of threat actors and malware campaigns allows organizations to pinpoint their efforts. Threat intelligence facilitates more accurate vulnerability prioritization, so the most critical gaps are addressed first. Threat intelligence allows organizations to be more proactive by pursuing disruption actions like taking down a rogue domain before it can send phishing attacks or forcing a password change after discovering compromised credentials on the dark web.”
Threat actors are employing more counterintelligence measures, which is why experienced threat intelligence analysts are needed to discover and maintain access to sources, Wrozek said.
“Consuming threat intelligence data is a simple task compared to deploying and maintaining other cybersecurity technologies or trying to gather all the information personally,” he said. “APIs allow incident of compromise (IOC) feeds to be ingested automatically, and threat intelligence service providers can send targeted alerts to reduce the analysis burden.”
Huge Amounts of Protected Data Isn’t Enough
Elvia Finalle, senior analyst of security operations at Omdia, which shares a parent company with Channel Futures (Informa), said organizations have come to realize that having access to huge amounts of data that is protected is not enough. They need to make sense of the data they are protecting and how it is being protected, find the weak links and what stories the data can tell them. That’s why a large and varied corpus of threat intelligence is so important.
Omdia's Elvia Finalle
“New threat actors are emerging constantly, some with very specific objectives,” she said. “Threat intelligence allows organizations to get knowledge about the latest threats very rapidly. Also, with advancing systems and growing AI-based capabilities, it’s getting easier to take in and get value from a large volume of threat intelligence data.”
The most effective threat intelligence solutions collect and analyze data from multiple sources and solutions to concisely deliver a strategy that will be fitted to a particular environment, Finalle said.
“Also very important is the ability to funnel that threat intelligence data directly into your threat detection, investigation and response (TDIR) solution architecture so it can be utilized to detect threats quickly and with as little friction as possible,” she said.
Threat Intelligence Enhances Security Solutions
Martin Naydenov, senior industry analyst of cybersecurity at Frost & Sullivan, said enterprise digitalization, such as cloud migration, remote work and IoT, has exponentially expanded organizations’ attack vectors. Traditional perimeter-based security is no longer adequate, demanding proactive measures and comprehensive visibility into the threat landscape and digital footprint to effectively mitigate attacks.
“Threat intelligence enhances security solutions by providing insights into emerging threats and attacker tactics,” he said. “Simultaneously, data from various security tools fuels threat intelligence, enhancing overall effectiveness. This mutual exchange strengthens security ecosystems, making threat intelligence a crucial component, particularly in key solutions such as firewalls, security information and event management (SIEMs), threat intelligence platforms (TIPs), and extended detection and response (XDR) platforms. With improvements in connectivity and data analytics, these synergistic relationships grow stronger. In addition, the rise of AI enables organizations to collect, correlate, summarize and operationalize unprecedented volumes of TI data.”
We’ve compiled a list above of 20 top threat intelligence providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, in the slideshow above, is by no means complete. It includes well-known providers as well as lesser-known suppliers making strides in threat intelligence.
About the Author(s)
You May Also Like