How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks become more wide-ranging and complex, so too does the threat intelligence required to detect, prevent and respond to them. There is a new paradigm in threat intelligence that goes beyond providing foundational indicators of compromise (IOCs): organizations are asking for actionable and contextually relevant threat intelligence that provides visibility into their organization, geography and industry.

To help security & risk (S&R) professionals and the businesses they represent better understand and contend with the complicated threat landscape, Forrester has published The Forrester Wave™: External Threat Intelligence Services, Q1 2021. The independent research firm notes, “S&R pros seek out threat intelligence providers that have just the right visibility into threats most relevant to their organization and industry.”

This reflects the latest shift in threat intelligence and validates the core set of content and capabilities intelligence providers need to arm their customers within the new digital age. A leading threat intelligence provider today must provide more than just indicators and alerts; they must serve the tactical, operational and strategic intelligence required to understand threats most relevant to them, leveraging primary source intelligence, brand visibility and critical vulnerability intelligence.


Lead With Tactical, Operational and Strategic Threat Intelligence Needs

Finding the needle in the haystack requires more than just every known observable. While these alerting and blocking use cases will always be core to a security operations center (SOC), analysts will need to add context to threats via technical and strategic intelligence. Correlating indicators with higher-order intelligence such as threat activity, threat group profiles and malware analysis helps L1 and L2 SOC analysts quickly understand the threat, its targets and its tactics, techniques and procedures, so they can make an informed response decision. As stakeholders move beyond the SOC, the C-suite and board of directors will seek to better understand their relevant threat landscape with industry reports. Threat intelligence vendors should be able to provide a set of services to help any company, big or small, evaluate and plan their threat intelligence strategy, leveraging workshops, assessments and response plans.

Leverage Depth and Breadth With Primary Source Intelligence

As Forrester contends, “It’s impossible to thoroughly track cyberthreats and the campaigns they undertake without access to primary source intelligence.”

Telemetry is key in threat intelligence. Combining human sources with infrastructure and technical sources leads to a powerful global intelligence data set. Leading providers benefit from global sightings from Incident Response, Managed Services and Managed Detection and Response (MDR) teams. Security telemetry not only helps provide added context for threat correlation, but also enables proactive awareness of malicious activity — one organization’s incident could be a warning of the latest zero-day exploit. This data can be operationalized to provide early warnings on threat activity, especially those most relevant to an organization’s brand, industry or geography.

Manage and Prioritize With Vulnerability Intelligence

Vulnerability management still plagues enterprises as security analysts struggle to understand the criticality of vulnerabilities. Identifying and prioritizing vulnerabilities is an essential task, but one that requires knowledge of your most critical systems and the ability to identify if a vulnerability is being actively exploited. This is the preferred method for risk-based vulnerability management, which helps prioritize the most critical vulnerabilities for remediation first.

How Vendors Were Scored in the Forrester Report

Forrester evaluated 12 vendors in the assessment based on the following criteria:

  • Comprehensive external threat intelligence services offerings, with capabilities across vulnerability intelligence, brand threat intelligence and cyber threat intelligence.
  • At least $10M in annual threat intelligence services revenue and over 100 threat intelligence services clients.
  • A diverse and extensive threat intelligence team.
  • Mindshare with Forrester clients.

26 criteria helped score these 12 vendors, highlighted by three high-level categories:

  • Current offering: key criteria for these solutions include intelligence requirements, intelligence analysis, cyber threat intelligence, brand threat intelligence and vulnerability intelligence.
  • Strategy: product vision, innovation roadmap and supporting products and services.
  • Market presence: reflects each vendor’s number of clients and overall service revenue.

IBM Named a Strong Performer

Forrester named IBM a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021. In such a competitive landscape, IBM shares the Strong Performer space with a number of recognized threat intelligence vendors. IBM ranked above average in raw intelligence collection, cyber threat intelligence, innovation roadmap, market approach and supporting products and services. IBM had the third highest strategy score, behind the two leaders, reflecting its market-driven alignment with tactical, operational and strategic use cases.

According to Forrester, IBM “offers unparalleled scale in threat intelligence,” alluding to its strengths in primary source intelligence, capturing and operationalizing intelligence across infrastructure, technical and human sources.

Per Forrester, “Any buyer in the world seeking a premier source of technical intelligence should consider IBM.” Download The Forrester Wave™: External Threat Intelligence Services, Q1 2021 today to find out how your organization can up its threat intelligence with IBM X-Force Threat Intelligence.

