The CF List: 20 Top Threat Intelligence Providers You Should Know
Cisco, AT&T, Verizon and CrowdStrike made it. See who else and why.
![Twenty, 20, SD-WAN providers Twenty, 20, SD-WAN providers](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1623fbe456f4d7d3/6523f96f6868b42e553c7c45/shutterstock_790434142.jpg?width=700&auto=webp&quality=80&disable=upscale)
Jörge röse-oberreich/Shutterstock
Forrester’s Allie Mellen cited Mandiant as a top contender. Google is buying Mandiant to merge it with the public cloud provider Google Cloud.
Last month, Mandiant unveiled its Ransomware Defense Validation within the Mandiant Advantage platform. It includes threat intelligence, ransomware reconfiguration capabilities, and automated validation infrastructure to provide security leaders with evidence of whether their organizations are able to prevent specific ransomware attacks.
S&P Global’s Scott Crawford said AT&T Cybersecurity is among longstanding incumbents in threat intelligence. Last November, AT&T launched an integrated, managed cybersecurity solution to help U.S. federal agencies modernize and protect their IT infrastructure in compliance with Trusted Internet Connections (TIC) 3.0 cybersecurity guidance. AT&T Government Trusted Internet brings together SD-WAN technology, security capabilities and fiber connectivity in a 24/7 managed solution through a single provider.
Mellen cited CrowdStrike among top threat intelligence providers. This month, CrowdStrike introduced Falcon Identity Threat Protection Complete, a fully managed identity threat protection solution. It brings together the Falcon identity threat protection module and Falcon Complete managed service to deliver identity threat prevention and IT policy enforcement, with management, monitoring and remediation.
Crawford said Cisco is among longstanding incumbents in threat intelligence. Cisco’s rumored acquisition offer for Splunk would create one of the largest cybersecurity vendors in the world. Last month, the Wall Street Journal reported that Cisco offered to buy the data observability and security information and event management (SIEM) provider for $20 billion.
Crawford cited Palo Alto Networks among leading threat intelligence providers. Omdia’s Rik Turner said amid the flurry of M&A involving threat intelligence, Palo Alto Networks developed its own threat intelligence platform (TIP) functionality internally, rather than buying anyone.
Mellen said ZeroFox is a noteworthy threat intelligence provider. In January, ZeroFox unveiled its Adversary Disruption service to automate the dismantlement of malicious infrastructure, content, sites and bot accounts required to conduct external cyberattacks.
Flashpoint is among noteworthy threat intelligence providers, Mellen said. In January, Flashpoint announced its acquisition of Risk Based Security (RBS), a company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’ collections and technology into the Flashpoint platform provides a wide range of cybersecurity practitioners with contextual threat intelligence and automation.
Mellen and Crawford said Recorded Future is a noteworthy contender. Last year, Recorded Future acquired Gemini Advisory for $52 million.
“Recorded Future provides an intelligence offering with a wide range of use cases,” said Frost & Sullivan’s Mikita Hanets. “The subscription model and product marketing strategy enable the company to onboard clients with different intelligence requirements and cybersecurity maturity levels.”
Crawford said ThreatConnect is among longstanding incumbents in threat intelligence. And Omdia’s Rik Turner said it’s one of the major threat intelligence platform market players.
In November, the company unveiled ThreatConnect 6.4, which introduces new capabilities that allow security operations and cyber threat intelligence (CTI) analysts to get useful context faster during investigations and to better measure team efficiencies.
Mellen cited IBM as a noteworthy provider and Crawford said it’s among longstanding incumbents in threat intelligence. Last month, IBM announced a multimillion-dollar investment in its resources to help businesses prepare for and manage the growing threat of cyberattacks to organizations across the Asia Pacific (APAC) region.
RiskIQ is one to watch in threat intelligence, Mellen said. Last year, Microsoft acquired RiskIQ in a deal reportedly worth $500 million. RiskIQ helps customers discover and assess the security of their entire enterprise attack surface in the Microsoft cloud, AWS, other clouds, on premises and from their supply chain. RiskIQ can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them.
Mellen and Crawford said Digital Shadows is a leader in threat intelligence. Last month, Digital Shadows launched a new vulnerability intelligence module within its SearchLight managed service. The new capability enables security teams to identify which of the many thousands of common vulnerabilities and exposures (CVEs) they should focus their limited resources on and how they can prevent criminals from exploiting them.
Mellen and Hanets cited Intel 471 as a top threat intelligence contender.
“Intel 471 specializes in adversary and malware intelligence, and develops a custom intelligence collection plan for each customer so that clients receive a subset of only relevant and tailored threat data,” Hanets said.
Mellen said IntSights Cyber Intelligence is a noteworthy provider. Last summer, Rapid7 acquired IntSights for $335 million in cash and stock. With the acquisition of IntSights, Rapid7 will combine its threat intelligence and understanding of customer environments with IntSights’ external threat intelligence capabilities.
Crawford said Anomali is among longstanding incumbents in threat intelligence. Mellen cited it as a top contender and Turner said it’s one of the major threat intelligence platform market players.
This month, Anomali unveiled its cloud-native extended detection and response (XDR) solution. Built on the Anomali platform, it provides customers with greater visibility across all security telemetry from endpoints to the public cloud, providing detection and optimized response capabilities that extend across their entire security infrastructure.
Crawford said EclecticIQ is among longstanding incumbents in threat intelligence. And Turner said it’s one of the major threat intelligence platform market players.
Last August, cybersecurity investor Dutch Security TechFund, part of TIIN Capital, invested more than $3 million in the Dutch scaleup. EclecticIQ is a global threat intelligence, hunting and response technology provider.
Crawford said LookingGlass Cyber is among vendors that cover multiple aspects of threat intelligence “operationalization.”
“Organizations need to make sense of large volumes of threat data in a continuously changing threat landscape,” Hanets said. “Threat intelligence should help organizations reduce the noise and make educated strategic decisions. Because of that, an effective threat intelligence solution provides timely, actionable and relevant information.”
Crawford said Secureworks is among longstanding incumbents in threat intelligence.
Last October, Secureworks announced the expansion of its Taegis portfolio of XDR solutions with the addition of Taegis NGAV and Taegis ManagedXDR Elite. Taegis NGAV is a SaaS add-on to Taegis XDR and ManagedXDR. Taegis NGAV uses machine learning (ML) technology to automatically disrupt endpoint threats, while enhancing investigations in Taegis XDR with prevention context.
Crawford said ThreatQuotient is among longstanding incumbents in threat intelligence. Mellen cited it as a top contender and Turner said it’s one of the major threat intelligence platform market players.
In November, ThreatQuotient announced v5 of its ThreatQ platform, launching capabilities needed to support the security operations center (SOC) of the future, where data is the foundation.
Crawford said Verizon is among longstanding incumbents in threat intelligence.
Threat intelligence is in high demand, especially because of the evolving threat landscape, he said.
“The integration and correlation of threat intelligence in SIEM is rated ‘highly important’ by 64% and ‘somewhat important’ to another 33% of respondents to 451 Research’s Voice of the Enterprise: Information Security, Vendor Evaluations survey published last year,” Crawford said.
Threat intelligence providers are in high demand as organizations need to make sense of large volumes of threat data in a continuously changing threat landscape.
Threat intelligence platforms consolidate and deduplicate intelligence information, and help analysts act on findings. Services may integrate threat intelligence with other aspects of security services. Those include managed security services or managed IT infrastructure.
Our latest CF List for the first time focuses on threat intelligence. Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on threat intelligence market trends and what it takes to be a successful threat intelligence provider.
Complexity, Attacks Growing
Mikita Hanets is an industry analyst in Frost & Sullivan’s cybersecurity practice.
“The growing volume and complexity of attacks drive the demand for threat intelligence solutions,” he said. “Organizations recognize the importance of proactive defense for staying ahead of cyber adversaries. In addition, confrontations between nation-states in the cyber domain will contribute to the demand for threat intelligence. Organizations turn to cyber intelligence providers to learn the modus operandi of hackers affiliated with nation-states and increase their chances of anticipating and preventing attacks.”
Allie Mellen is security and risk analyst at Forrester.
“Threat intelligence – and curated threat intelligence in particular – is critical to understanding and reacting to a constantly changing threat landscape, especially given many of the nation-state and hacktivist groups at play,” she said.
More Threat Intelligence Needed
Scott Crawford is research director, information security with 451 Research, part of S&P Global Market Intelligence.
“To some extent, threat intelligence … is something that both customers, as well as providers and their partners would like to see become more pervasive,” he said. “And that pervasiveness now extends across the enterprise, wherever it may be found, including in work-from-anywhere settings, not to mention across a growing spectrum of third parties: suppliers, partners and IT integrations with a wide variety of services – particularly in the wake of cyberattacks that deliberately targeted the IT supply chain seen in the past year, and more recently with increased concern regarding the role of cyberattacks in international conflict.”
To say that M&A has shaken up the competitive landscape is an understatement, Crawford said.
“According to 451 Research’s M&A KnowledgeBase, in 2021 we saw nearly $4 billion in disclosed or estimated M&A deal value and more in deal values that weren’t disclosed,” he said. “There were at least 14 deals where threat intelligence was a primary focus of either the acquirer or the acquisition target.”
Crawford cited the following deals where threat intelligence played a role:
Mandiant’s separation from the FireEye products business.
Microsoft’s acquisition of RiskIQ.
The sales of Blueliv, Intel 471, Team Cymru and Flashpoint to private equity firms.
ZeroFox’s pickup of Cyveillance, DomainTools’ reach for Farsight Security, and more.
Provider Types
Rik Turner is principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). He divides the threat intelligence market into three provider types. Those include:
Community/open-source providers.
Security vendors who gather threat intelligence because of their market presence. They then use it as an incentive for customers to buy and stick with their products.
Pure-play threat intelligence vendors, who themselves fall into multiple subcategories, depending on what type of threat intelligence they are gathering.
“There is also sort of a fourth route as exemplified by BrightCloud (part of OpenText via the Webroot acquisition), which is kind of a hybrid of No. 2 and No. 3, in that it doesn’t sell to end customers, but rather to MSPs and MSSPs who in turn sell it to their enterprise customers,” he said.
We’ve compiled a list above of 20 top threat intelligence providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known providers making strides in threat intelligence.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.