Home / Blogs

How to Choose a Cyber Threat Intelligence Provider

Josh Ray

Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization.

Keep in mind that this was before the explosion of CTI in the marketplace and the myriad of different CTI vendors that have emerged over the past few years. The broader availability of CTI providers has made the task of understanding their capabilities and how their services address (or, more importantly, don't address) an organization's requirements more difficult. Essentially, CTI should help these organizations make better decisions and improve the overall security posture of their business.

Enter Forrester Research's Nov. 3, 2015 report: "Vendor Landscape: S&R Pros Turn To Cyber Threat Intelligence Providers for Help.” The report, as Forrester puts it, seeks to "give S&R pros the tools to evaluate cyber threat intelligence providers along with analysis of 20 of the top players in the space."

The "Provider Evaluation Criteria" section of the report includes critical intersections between the intelligence cycle and how a given provider's capabilities map to its intelligence collection, analysis and generation phases. Here, the authors provide some salient recommendations for organizations looking for a CTI provider. Please download the report to get what I believe is some of the best guidance out there on that subject.

Based on my experience, I'd also add a few more to the list:

  • A good CTI provider should help you cut through media and marketing hype, not contribute to it. Make sure your vendor isn't more concerned with making a marketing splash than operating with discretion in the mission space.
  • Your vendor should be able to "walk the walk." Please make sure they have a proven operational track record that is reflected in their processes, approach, client feedback and longevity. Make them show you their capability.
  • In this industry, reputation matters. Make sure your vendor has staff that maintains good standing and solid peer relationships in the security and cyber-intelligence communities.
  • How does the vendor plan to address your business in a year? Make sure your vendor continues to innovate and has a product and development roadmap that supports your needs and growth goals.

If you have any additional suggestions to add to the list, I'd love to hear about them in the comments section.

By Josh Ray, Vice President of Cybersecurity Intelligence at Verisign
Follow CircleID on
Related topics: Cyberattack, Cybersecurity
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias