How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks continue to become more wide-ranging and complex, so too has the type of threat intelligence required to detect, prevent and respond to these threats. There is a new paradigm in threat intelligence, beyond just providing foundational indicators of compromise (IOCs); organizations are asking for actionable and contextually relevant threat intelligence that provides visibility into their organization, geography and industry.

To help security & risk (S&R) professionals and the businesses they represent better understand and contend with the complicated threat landscape, Forrester has published The Forrester Wave™: External Threat Intelligence Services, Q1 2021. The independent research firm notes, “S&R pros seek out threat intelligence providers that have just the right visibility into threats most relevant to their organization and industry.”

This reflects the latest shift in threat intelligence and validates the core set of content and capabilities intelligence providers need to arm their customers within the new digital age. A leading threat intelligence provider today must provide more than just indicators and alerts; they must serve the tactical, operational and strategic intelligence required to understand threats most relevant to them, leveraging primary source intelligence, brand visibility and critical vulnerability intelligence.

Download the report

Lead With Tactical, Operational and Strategic Threat Intelligence Needs

Finding the needle in the haystack requires more than just every known observable. While these alerting and blocking use cases will always be core to a security operations center (SOC), analysts will need to add context to threat via technical and strategic intelligence. Correlating indicators with higher-order intelligence such as threat activity, threat group profiles and malware analysis quickly helps L1 and L2 SOC analysts understand the threat, its targets and tactics, techniques and procedures to make an informed response decision. As stakeholders move beyond the SOC, the C-suite and board of directors will seek to better understand their relevant threat landscape with industry reports. Threat intelligence vendors should be able to provide a set of services to help any company, big or small, evaluate and plan their threat intelligence strategy, leveraging workshops, assessments and response plans.

Leverage Depth and Breadth With Primary Source Intelligence

As Forrester contends, “It’s impossible to thoroughly track cyberthreats and the campaigns they undertake without access to primary source intelligence.”

Telemetry is key in threat intelligence. Combining human sources with infrastructure and technical sources leads to a powerful global intelligence data set. Leading providers benefit from global sightings from Incident Response, Managed Services and Managed Detection and Response (MDR) teams. Security telemetry not only helps provide added context for threat correlation, but also enables proactive awareness of malicious activity — one organization’s incident could be a warning of the latest zero-day exploit. This data can be operationalized to provide early warnings on threat activity, especially those most relevant to an organization’s brand, industry or geography.

Manage and Prioritize With Vulnerability Intelligence

Vulnerability management still plagues enterprises as security analysts struggle to understand the criticality of vulnerabilities. Identifying and prioritizing vulnerabilities is an essential task, but one that requires knowledge of your most critical systems and the ability to identify if a vulnerability is being actively exploited. This is the preferred method for risk-based vulnerability management, which helps prioritize the most critical vulnerabilities for remediation first.

How Vendors Were Scored in the Forrester Report

Forrester evaluated 12 vendors in the assessment based on the following criteria:

  • Comprehensive external threat intelligence services offerings, with capabilities across vulnerability intelligence, brand threat intelligence and cyber threat intelligence.
  • At least $10M in annual threat intelligence services revenue and over 100 threat intelligence services clients.
  • A diverse and extensive threat intelligence team.
  • Mindshare with Forrester clients.

26 criteria helped score these 12 vendors, highlighted by three high-level categories:

  • Current offering: key criteria for these solutions include intelligence requirements, intelligence analysis, cyber threat intelligence, brand threat intelligence and vulnerability intelligence.
  • Strategy: product vision, innovation roadmap and supporting products and services.
  • Market presence: reflect each vendor’s number of clients and overall service revenue.

IBM Named a Strong Performer

Forrester named IBM a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021. In such a competitive landscape, IBM shares the Strong Performer space with a number of recognized threat intelligence vendors. IBM ranked above average in raw intelligence collection, cyber threat intelligence, innovation roadmap, market approach and supporting products and services. IBM had the third highest strategy score, behind the two leaders, reflecting its market-driven alignment with tactical, operational and strategic use cases.

According to Forrester, IBM “offers unparalleled scale in threat intelligence,” alluding to its strengths in primary source intelligence, capturing and operationalizing intelligence across infrastructure, technical and human sources.

Per Forrester, “Any buyer in the world seeking a premier source of technical intelligence should consider IBM.” Download the The Forrester Wave™: External Threat Intelligence Services, Q1 2021 today to find out how your organization can up its threat intelligence with IBM X-Force Threat Intelligence.

Download the report

More from Intelligence & Analytics

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today