As attacks become more sophisticated and complex, security teams have actively sought to increase the number of threat intelligence vendors used to gain improved visibility into the threats targeting their specific organization or industry.
Organizations currently subscribe to an average of 7.51 threat intelligence services, up 44% from 2018. This increase highlights the growing importance placed on threat intelligence by security practitioners and recognizes the benefits of threat intelligence in the ongoing fight against cyber crime.
Although the statistics seem like a positive step forward, the increase of threat data from multiple vendors contributes to information overload in the SOC. This can lead to serious vulnerability problems. Threat intelligence data is not actionable without context, and piling data on top of more data does not give organizations greater protection against the latest threats; it simply tasks security teams with hours of analysis.
Historically, comparing threat intelligence providers has not been easy, but the recent Forrester report compares 12 vendors, each of which has the following in common:
The 12 evaluated organizations were scored against 26 different criteria including: intelligence analysis, vulnerability intelligence, eliciting intelligence requirements, cyber threat intelligence, strategic partners, innovation roadmap and product vision. The criteria were grouped into three high-level categories that indicated the strength of each vendor’s current offering, strategy and market presence.
The report, published earlier this year, cites FireEye’s position as a leader in threat intelligence. FireEye received the highest possible scores in 18 of the 26 criteria. The Forrester report comments:
While attackers are constantly looking for ways to evade or defeat security measures, adapting as they are discovered or when their tactics stop working, threat intelligence collection must also develop new ways to track threat actors. FireEye Mandiant continually innovates its methods of data collection, investing heavily in human expertise around the world. Our team of 260 researchers generates thousands of reports, curating data from four sources:
Over the last 15+ years, we have gained a reputation as the industry’s premier incident responder, attending 800+ incident response engagements annually.
We have approximately four million virtual guest images deployed globally in 102 countries, generating tens of millions of sandbox detonations per hour, confirming 50,000 - 70,000 malicious events per hour.
Our Managed Defense team performs detection and response services for over 300 customers from four international Cyber Threat Operations Centers, ingesting 99 million+ events and validating 21 million+ alerts.
We collect up to one million malware samples per day from more than 70 different sources.
FireEye Mandiant has a unique view into the threat landscape. The four different lenses used to analyze adversaries help us track threats throughout their lifecycle. While many threat intelligence vendors regurgitate the data they collect and leave SOC teams and analysts to sift through it, Mandiant Threat Intelligence applies unique algorithms and expert opinion to the data, transforming it into contextualized, actionable threat intelligence, complete with an M-Score—Mandiant’s in-house scoring system which rates the confidence level in each threat. Our browser plugin, search and filtering features enable users to access the latest threat intelligence whenever they need it, without undertaking hours of data processing.
Innovation and advances in technology are removing the need to stockpile threat intelligence data from multiple vendors. Instead, research the right vendors and ensure they deliver the tools you need to inform your team of the latest threats to your organization. This can considerably ease the burden on the SOC, giving teams more time to undertake proactive activities such as threat hunting.