How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats (APTs)? The simple answer is better threat intelligence. Please stop me if this is something you’ve heard before. As cyberattacks continue to become more wide-ranging and complex, so too has the type of threat intelligence required to detect, prevent and respond to these threats. There is a new paradigm in threat intelligence, beyond just providing foundational indicators of compromise (IOCs); organizations are asking for actionable and contextually relevant threat intelligence that provides visibility into their organization, geography and industry.

To help security & risk (S&R) professionals and the businesses they represent better understand and contend with the complicated threat landscape, Forrester has published The Forrester Wave™: External Threat Intelligence Services, Q1 2021. The independent research firm notes, “S&R pros seek out threat intelligence providers that have just the right visibility into threats most relevant to their organization and industry.”

This reflects the latest shift in threat intelligence and validates the core set of content and capabilities intelligence providers need to arm their customers within the new digital age. A leading threat intelligence provider today must provide more than just indicators and alerts; they must serve the tactical, operational and strategic intelligence required to understand threats most relevant to them, leveraging primary source intelligence, brand visibility and critical vulnerability intelligence.

Download the report

Lead With Tactical, Operational and Strategic Threat Intelligence Needs

Finding the needle in the haystack requires more than just every known observable. While these alerting and blocking use cases will always be core to a security operations center (SOC), analysts will need to add context to threat via technical and strategic intelligence. Correlating indicators with higher-order intelligence such as threat activity, threat group profiles and malware analysis quickly helps L1 and L2 SOC analysts understand the threat, its targets and tactics, techniques and procedures to make an informed response decision. As stakeholders move beyond the SOC, the C-suite and board of directors will seek to better understand their relevant threat landscape with industry reports. Threat intelligence vendors should be able to provide a set of services to help any company, big or small, evaluate and plan their threat intelligence strategy, leveraging workshops, assessments and response plans.

Leverage Depth and Breadth With Primary Source Intelligence

As Forrester contends, “It’s impossible to thoroughly track cyberthreats and the campaigns they undertake without access to primary source intelligence.”

Telemetry is key in threat intelligence. Combining human sources with infrastructure and technical sources leads to a powerful global intelligence data set. Leading providers benefit from global sightings from Incident Response, Managed Services and Managed Detection and Response (MDR) teams. Security telemetry not only helps provide added context for threat correlation, but also enables proactive awareness of malicious activity — one organization’s incident could be a warning of the latest zero-day exploit. This data can be operationalized to provide early warnings on threat activity, especially those most relevant to an organization’s brand, industry or geography.

Manage and Prioritize With Vulnerability Intelligence

Vulnerability management still plagues enterprises as security analysts struggle to understand the criticality of vulnerabilities. Identifying and prioritizing vulnerabilities is an essential task, but one that requires knowledge of your most critical systems and the ability to identify if a vulnerability is being actively exploited. This is the preferred method for risk-based vulnerability management, which helps prioritize the most critical vulnerabilities for remediation first.

How Vendors Were Scored in the Forrester Report

Forrester evaluated 12 vendors in the assessment based on the following criteria:

  • Comprehensive external threat intelligence services offerings, with capabilities across vulnerability intelligence, brand threat intelligence and cyber threat intelligence.
  • At least $10M in annual threat intelligence services revenue and over 100 threat intelligence services clients.
  • A diverse and extensive threat intelligence team.
  • Mindshare with Forrester clients.

26 criteria helped score these 12 vendors, highlighted by three high-level categories:

  • Current offering: key criteria for these solutions include intelligence requirements, intelligence analysis, cyber threat intelligence, brand threat intelligence and vulnerability intelligence.
  • Strategy: product vision, innovation roadmap and supporting products and services.
  • Market presence: reflect each vendor’s number of clients and overall service revenue.

IBM Named a Strong Performer

Forrester named IBM a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021. In such a competitive landscape, IBM shares the Strong Performer space with a number of recognized threat intelligence vendors. IBM ranked above average in raw intelligence collection, cyber threat intelligence, innovation roadmap, market approach and supporting products and services. IBM had the third highest strategy score, behind the two leaders, reflecting its market-driven alignment with tactical, operational and strategic use cases.

According to Forrester, IBM “offers unparalleled scale in threat intelligence,” alluding to its strengths in primary source intelligence, capturing and operationalizing intelligence across infrastructure, technical and human sources.

Per Forrester, “Any buyer in the world seeking a premier source of technical intelligence should consider IBM.” Download the The Forrester Wave™: External Threat Intelligence Services, Q1 2021 today to find out how your organization can up its threat intelligence with IBM X-Force Threat Intelligence.

Download the report

More from Intelligence & Analytics

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…

Cyber Storm Predicted at the 2023 World Economic Forum

According to the Global Cybersecurity Outlook 2023, 93% of cybersecurity leaders and 86% of business leaders think a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years. Additionally, 43% of organizational leaders think it is likely that a cyberattack will affect their organization severely in the next two years. With cybersecurity concerns on everyone’s mind, the topic received top billing at the recent World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. At the meeting, Matthew…

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…