How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks have become more wide-ranging and complex, so too has the type of threat intelligence required to detect, prevent and respond to them. There is a new paradigm in threat intelligence, one that goes beyond providing foundational indicators of compromise (IOCs): organizations are asking for actionable and contextually relevant threat intelligence that provides visibility into their organization, geography and industry.
To help security & risk (S&R) professionals and the businesses they represent better understand and contend with the complicated threat landscape, Forrester has published The Forrester Wave™: External Threat Intelligence Services, Q1 2021. The independent research firm notes, “S&R pros seek out threat intelligence providers that have just the right visibility into threats most relevant to their organization and industry.”
This reflects the latest shift in threat intelligence and validates the core set of content and capabilities that intelligence providers need in order to arm their customers in the new digital age. A leading threat intelligence provider today must provide more than just indicators and alerts; it must deliver the tactical, operational and strategic intelligence customers require to understand the threats most relevant to them, leveraging primary source intelligence, brand visibility and critical vulnerability intelligence.
Lead With Tactical, Operational and Strategic Threat Intelligence Needs
Finding the needle in the haystack requires more than just every known observable. While these alerting and blocking use cases will always be core to a security operations center (SOC), analysts will need to add context to threats via technical and strategic intelligence. Correlating indicators with higher-order intelligence such as threat activity, threat group profiles and malware analysis quickly helps L1 and L2 SOC analysts understand the threat, its targets and its tactics, techniques and procedures so they can make an informed response decision. As stakeholders move beyond the SOC, the C-suite and board of directors will seek to better understand their relevant threat landscape with industry reports. Threat intelligence vendors should be able to provide a set of services to help any company, big or small, evaluate and plan its threat intelligence strategy, leveraging workshops, assessments and response plans.
Leverage Depth and Breadth With Primary Source Intelligence
As Forrester contends, “It’s impossible to thoroughly track cyberthreats and the campaigns they undertake without access to primary source intelligence.”
Telemetry is key in threat intelligence. Combining human sources with infrastructure and technical sources leads to a powerful global intelligence data set. Leading providers benefit from global sightings from Incident Response, Managed Services and Managed Detection and Response (MDR) teams. Security telemetry not only helps provide added context for threat correlation, but also enables proactive awareness of malicious activity — one organization’s incident could be a warning of the latest zero-day exploit. This data can be operationalized to provide early warnings on threat activity, especially activity most relevant to an organization’s brand, industry or geography.
Manage and Prioritize With Vulnerability Intelligence
Vulnerability management still plagues enterprises as security analysts struggle to understand the criticality of vulnerabilities. Identifying and prioritizing vulnerabilities is an essential task, but one that requires knowledge of your most critical systems and the ability to identify if a vulnerability is being actively exploited. This is the preferred method for risk-based vulnerability management, which helps prioritize the most critical vulnerabilities for remediation first.
How Vendors Were Scored in the Forrester Report
Forrester evaluated 12 vendors in the assessment based on the following criteria:
- Comprehensive external threat intelligence services offerings, with capabilities across vulnerability intelligence, brand threat intelligence and cyber threat intelligence.
- At least $10M in annual threat intelligence services revenue and over 100 threat intelligence services clients.
- A diverse and extensive threat intelligence team.
- Mindshare with Forrester clients.
26 criteria helped score these 12 vendors, highlighted by three high-level categories:
- Current offering: key criteria for these solutions include intelligence requirements, intelligence analysis, cyber threat intelligence, brand threat intelligence and vulnerability intelligence.
- Strategy: product vision, innovation roadmap and supporting products and services.
- Market presence: reflects each vendor’s number of clients and overall service revenue.
IBM Named a Strong Performer
Forrester named IBM a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021. In such a competitive landscape, IBM shares the Strong Performer space with a number of recognized threat intelligence vendors. IBM ranked above average in raw intelligence collection, cyber threat intelligence, innovation roadmap, market approach and supporting products and services. IBM had the third highest strategy score, behind the two leaders, reflecting its market-driven alignment with tactical, operational and strategic use cases.
According to Forrester, IBM “offers unparalleled scale in threat intelligence,” alluding to its strengths in primary source intelligence, capturing and operationalizing intelligence across infrastructure, technical and human sources.
Per Forrester, “Any buyer in the world seeking a premier source of technical intelligence should consider IBM.” Download The Forrester Wave™: External Threat Intelligence Services, Q1 2021 today to find out how your organization can up its threat intelligence with IBM X-Force Threat Intelligence.
Product Manager, IBM
Christian Falco is a Product Manager with IBM Security, working across the X-Force Threat Intelligence portfolio. He has nearly ten years of experience in pr...