When it Comes to Threat Intelligence, A Discerning Approach Pays

As attacks become more sophisticated and complex, security teams have actively sought to increase the number of threat intelligence vendors used to gain improved visibility into the threats targeting their specific organization or industry.


Organizations currently subscribe to an average of 7.51 threat intelligence services, up 44% from 2018. This increase highlights the growing importance placed on threat intelligence by security practitioners and recognizes the benefits of threat intelligence in the ongoing fight against cyber crime.

Although the statistics seem like a positive step forward, the increase of threat data from multiple vendors contributes to information overload in the SOC. This can lead to serious vulnerability problems. Threat intelligence data is not actionable without context and piling data on top of more data does not give organizations greater protection against the latest threats; it simply tasks security teams with hours of analysis.

Man looking at screen

Historically, comparing threat intelligence providers has not been easy, but the recent Forrester report compares 12 vendors, each of which have the following in common:

  • They are large, global organizations that offer a comprehensive combination of vulnerability, brand and cyber threat intelligence
  • Revenue gained from threat intelligence services represented at least $10m per annum, generated by servicing over 100 clients
  • Vendors employed an extensive threat intelligence team with a diverse set of skills and cultural backgrounds

The 12 evaluated organizations were scored against 26 different criteria including: intelligence analysis, vulnerability intelligence, eliciting intelligence requirements, cyber threat intelligence, strategic partners, innovation roadmap and product vision. The criteria were grouped into three high-level categories that indicated the strength of each vendor’s current offering, strategy and market presence.

The report, published earlier this year, cites FireEye’s position as a leader in threat intelligence. FireEye received the highest possible scores in 18 of the 26 criteria. The Forrester report comments:

“FireEye-Mandiant’s strength in threat intelligence is in large part due to the reputation and visibility provided via the company’s robust incident response consultancy, security controls business, and managed security services. The visibility gained from those supporting services is ahead of the pack.”
— The Forrester Wave™: External Threat Intelligence Services, Q1 2021

While attackers are constantly looking for ways to evade or defeat security measures, adapting as they are discovered or when their tactics stop working, threat intelligence collection must also develop new ways to track threat actors. FireEye Mandiant continually innovates its methods of data collection, investing heavily in human expertise around the world. Our team of 260 researchers generate thousands of reports, curating data from four sources:

Breach intelligence

Over the last 15+ years, we have gained a reputation as the industry’s premier incident responder, attending 800+ incident response engagements annually.

Machine intelligence

We have approximately four million virtual guest images deployed globally in 102 countries, generating tens of millions of sandbox detonations per hour, confirming 50,000 - 70,000 malicious events per hour.

Operational intelligence

Our Managed Defense team performs detection and response services for over 300 customers from four international Cyber Threat Operations Centers, ingesting 99 million+ events and validating 21 million+ alerts.

Adversary intelligence

We collect up to one million malware samples per day from more than 70 different sources.

FireEye Mandiant has a unique view into the threat landscape. The four different lenses used to analyze adversaries help us track threats throughout their lifecycle. While many threat intelligence vendors regurgitate the data they collect and leave SOC teams and analysts to sift through it, Mandiant Threat Intelligence applies unique algorithms and expert opinion to the data, transforming it into contextualized, actionable threat intelligence, complete with an M-Score—Mandiant’s in-house scoring system which rates the confidence level in each threat. Our browser plugin, search and filtering features enable users to access the latest threat intelligence whenever they need it, without undertaking hours of data processing.

“FireEye offers some of the best threat intelligence.”
— The Forrester Wave™: External Threat Intelligence Services, Q1 2021

Innovation and advances in technology are removing the need to stockpile threat intelligence data from multiple vendors. Instead, research the right vendors and ensure they deliver the tools you need to inform your team of the latest threats to your organization. This can considerably ease the burden on the SOC, giving teams more time to undertake proactive activities such as threat hunting.


1 Forrester (March 23, 2021). The Forrester Wave™: External Threat Intelligence Services, Q1 2021