The CF List: 2023's 20 Top Threat Intelligence Providers You Should Know
The appetite for threat intelligence continues to grow. See who made our list and why.
Frost & Sullivan’s Martin Naydenov and Omdia’s Elvia Finalle said CrowdStrike is among noteworthy threat intelligence providers. CrowdStrike ranked No. 1 in IDC’s Worldwide Modern Endpoint Security Market Shares, July 2021-June 2022 report. According to IDC, CrowdStrike produced the largest increases in endpoint revenue and market shares out of 26 vendors in the report. This is the third consecutive time IDC has ranked CrowdStrike No. 1 in worldwide modern endpoint security market shares.
Naydenov said Kaspersky is among top threat intelligence providers. This month, Kaspersky published a new decryption tool that helps victims of a ransomware modification based on previously leaked Conti source code. Conti is a ransomware gang that has dominated the cyber crime scene since 2019, and whose data, including source code, was leaked in March 2022 following an internal conflict caused by the geopolitical crisis in Europe. The discovered modification was distributed by an unknown ransomware group and has been used against companies and state institutions.
Naydenov and Finalle said Mandiant is among top threat intelligence providers. Last fall, Google completed its $5.4 billion acquisition of Mandiant and is merging it with Google Cloud. This widens the scope of Google Cloud’s security services by bringing in Mandiant’s deep threat intelligence resources.
Naydenov and Finalle said Recorded Future is among top threat intelligence providers. In November, Recorded Future announced it has surpassed $250 million in annual recurring revenue (ARR). The Recorded Future Intelligence Cloud combines persistent data collection, large-scale graph analysis, and its global research team to provide complete coverage of intelligence across adversaries, their infrastructure and the organizations they target.
Naydenov and Finalle cite Digital Shadows among noteworthy threat intelligence providers. Last year, ReliaQuest acquired Digital Shadows for $160 million. The acquisition combined ReliaQuest’s ability to extend detection and response across cloud, network and endpoint environments with Digital Shadows’ digital risk and threat intelligence technology.
Naydenov and Finalle said ThreatConnect is among top threat intelligence providers.
“Customers continue to want actionable and unique intelligence,” Finalle said. “This requirement will continue to come primarily from the private sector, but it’s interesting to see public-sector entities increasingly step in as well. The Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog is a hugely popular new resource that delivers immediate value.”
Naydenov and Finalle cite Flashpoint among top threat intelligence contenders. In 2022, Flashpoint increased its customer base by more than 70%. Flashpoint supports each of the top 10 largest U.S.-based financial institutions, five of the top 10 largest global technology companies, three of the top five largest U.S. health insurance providers and seven retailers in the Fortune 100. In addition, its ARR grew by more than 65%.
Naydenov and Finalle said LookingGlass Cyber is among top threat intelligence providers.
“The most effective threat intelligence solutions can map out an organization’s digital footprint, actively monitor all digital assets associated with the business, and provide actionable insights with threat mitigation capabilities,” Naydenov said. “Effective threat intelligence solutions should include comprehensive AI, analysis and reporting capabilities.”
Naydenov and Finalle said Intel 471 is among noteworthy threat intelligence providers. Last month, Intel 471 announced the release of its suite of attack surface protection solutions, specifically designed to scale and grow with the needs of security teams worldwide. The suite is comprised of three offerings enabling organizations to identify, manage and protect their digital footprint from ever-increasing and sophisticated cyber threats. Those include attack surface discovery, attack surface management and attack surface intelligence.
Microsoft is among top threat intelligence providers, according to Naydenov and Finalle. Microsoft Security has now surpassed $20 billion in annual revenue. Rik Turner, senior principal analyst at Omdia, said there’s no question Microsoft is now a serious contender in various parts of the cyber market, most notably in endpoint, email and cloud security.
Naydenov and Finalle cite Anomali among noteworthy threat intelligence providers. In December, Anomali unveiled new capabilities to extend an organization’s visibility across its entire internal and external digital footprint with an integrated risk assessment that protects against potential attacks. With this quarterly platform update, Anomali introduced its attack surface management solution and new capabilities that continue to deliver relevant intelligence about adversaries and the tools security operations centers (SOCs) need to predict and protect against current and future attacks.
Naydenov and Finalle said ZeroFox is among top threat intelligence providers. ZeroFox ended its fiscal year 2023 with more than 1,200 subscription customers, including nearly 150 subscription customers with ARR greater than $100,000, an increase of 25% year over year.
“There are many factors that contribute to the effectiveness of threat intelligence solutions, but the primary litmus test is that it must be actionable and drive better decision making,” said Forrester’s Brian Wrozek. “To be actionable, threat intelligence needs to be complete, accurate, relevant and timely.”
Naydenov and Finalle cite BlueVoyant among noteworthy threat intelligence providers. This month, BlueVoyant announced enhanced Splunk capabilities, with end-to-end consulting, implementation, and managed detection and response (MDR) services. The services help clients maximize their Splunk investment whether it be on the Splunk Cloud Platform or Splunk Enterprise.
Proofpoint is among top threat intelligence providers, Finalle said. In December, Proofpoint completed its acquisition of Illusive, a provider of identity threat detection and response (ITDR). With this acquisition, Proofpoint will enhance its threat and information protection platforms by adding proactive identity risk discovery and remediation, as well as a post-breach defense capability, providing a unified solution that extends protection across the entire attack chain for critical threats like ransomware and data breaches.
Naydenov cites Lumen Technologies among top threat intelligence providers.
“More people are interested in having threat intelligence tools in their organizations, and a good indicator of this need is to look at all the acquisitions that have happened in the past year within the cybersecurity landscape,” Finalle said. “Many of the providers of threat intelligence were acquired by competitors or other organizations that needed to add threat intelligence to their portfolio. The amount of money being moved to ensure acquisitions talks about how much more demand is affecting the threat intelligence market.”
Naydenov and Finalle cite Outpost24 among top threat intelligence providers. Last fall, Outpost24 announced the introduction of its penetration testing as a service (PTaaS) solutions to the North American market. Outpost24’s PTaaS solutions provide companies with on-demand, continuous monitoring, ensuring organizations are fully protected against threats in their application attack surface.
Naydenov and Finalle said Cybersixgill is among noteworthy threat intelligence providers. Last summer, Cybersixgill announced its Dynamic Vulnerability Exploit (DVE) Intelligence solution, delivering end-to-end intelligence across the entire common vulnerabilities and exposures (CVE) lifecycle.
“The appetite for threat intelligence continues to grow,” Wrozek said. “In a 2022 survey of security decision-makers, Forrester found that two-thirds of respondents were increasing their budget for threat intelligence technologies and the mean number of commercial threat intelligence feeds that they paid for was seven.”
Rapid7 is among top threat intelligence providers, Finalle said. Rapid7 is buying Minerva Labs, the anti-evasion and ransomware prevention technology provider, for $38 million in cash and stock. Rapid7 will further extend its managed threat detection capabilities with the ability to offer advanced ransomware prevention. These new capabilities will extend managed detection and response (MDR) across cloud resources, traditional infrastructure and existing endpoint protection infrastructure.
Finalle cites Fortra, formerly HelpSystems, among top threat intelligence providers. The rebrand follows a shift in the company during the past few years to focus on cybersecurity and automation. This focus was driven by the acquisition of several solutions and industry expertise. It now has more than 30,000 customers globally.
IBM Security is among noteworthy threat intelligence providers, Finalle said.
“The ever-changing threat landscape necessitates organizations to implement a comprehensive CTI solution to protect their digital footprint and prevent attacks effectively,” Naydenov said. “Cyberattacks are increasing in sophistication and volume. In addition, the rise of nation-state threat actors drives demand for CTI solutions since information about threat groups, their motivations and techniques is becoming more important with time and empowers organizations to stay one step ahead of threats.”
The bar continues to rise for threat intelligence providers as their customers become overwhelmed with the volume of raw threat information.
Threat intelligence platforms consolidate and deduplicate intelligence information, and help analysts act on findings. Services may integrate threat intelligence with other aspects of security services. Those include managed security services or managed IT infrastructure.
Our latest CF List for the second time focuses on threat intelligence providers. Analysts with Omdia, Forrester and Frost & Sullivan weighed in on threat intelligence market trends and what it takes to be a successful threat intelligence provider.
What Threat Intelligence Providers Must Offer
Martin Naydenov is senior industry analyst of cybersecurity at Frost & Sullivan. He said the pandemic accelerated the shift to remote work environments. In addition, it caused many organizations to rush their digital transformation initiatives. That led to increased risk and exposure of their digital assets.
“The increasing complexity of cyber threats and the number of attack vectors have significantly increased data points to be analyzed, leading to lots of false-positive alerts and noise from conventional cyber threat intelligence (CTI) solutions,” he said.
To reduce the noise and move beyond just indicators of compromise (IoCs), CTI providers have to offer contextualized alerts with the help of sophisticated artificial intelligence (AI) and analysis tools, Naydenov said.
CTI vendors are increasingly adopting digital risk protection (DRP) and external attack surface management (EASM) use cases. They’re doing so to provide more relevant data and empower organizations to act on the insights they receive.
Changing Consumption Patterns
Brian Wrozek is principal analyst of security and risk at Forrester. He said the way threat intelligence is consumed has progressed beyond simple text searches to interactive visual user interfaces. Customers can retrieve additional information, pivot to other intelligence sources, and initiate automatic actions from a single view.
“An organization’s customers are influencing the threat intelligence space as well,” he said. “Customers understand that successful cyberattacks are going to happen. But they expect organizations to effectively respond and take proactive steps to protect their personally identifiable information (PII) and continuity of services. For example, if information about a pending attack or a known vulnerability is publicly available, customers expect organizations to be monitoring for this insight and to take necessary actions to reduce the risk.”
Threat intelligence provides early indication of potential attacks, Wrozek said. It also provides information regarding the tactics, techniques and procedures (TTP) used by threat actors. Organizations can then improve their incident response efforts.
Threat Intelligence Vital in Remote Work Environments
Elvia Finalle is senior analyst of security operations at Omdia, which shares a parent company with Channel Futures (Informa).
“The definition of a successful security solution will continue to evolve as the work environment progresses and changes,” she said. “The abrupt move to remote work many industries experienced during the pandemic has shown that not only were companies not ready for many new cyber threats, but that they also needed to acquire a threat intelligence solution to facilitate understanding of their situation.”
Even with some portion of workers returning to work, a large portion of the workforce prefers to keep working remotely, Finalle said.
“This implies that companies will need to continue to mature their tactics and strategies to ensure the remote work environment is maintained in a healthy position,” she said.
Threat intelligence is vital to making this process less painful for IT and security departments, Finalle said.
We’ve compiled a list above of 20 top threat intelligence providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. It also features lesser-known suppliers making strides in threat intelligence.