In days of yore, hackers lurked in the shadows of the internet. These discreet, solitary beings worked on their own, enacting their mischief in the dark corners of the web. Kind of like bridge trolls but with keyboards instead of clubs.
But social media has changed all that—it has brought hacking into the mainstream, and there has been a growing convergence among hackers mutually sharing their methods and knowledge. More importantly, there has been an increased collaboration and active competition among these groups. There is now a threat ecosystem, which is guided by formal and informal structures, actively working to generate new attacks against end-user organizations.
So now it falls to said organizations to (attempt to) stay one step ahead, anticipating and mitigating attacks before they impact systems and information.
This is the ecosystem that has led to the development of threat intelligence security, the market for which is growing at a CAGR of 14.2 percent from 2013-2018.
At a glance, threat intelligence is a security service meant to thwart advanced, adaptive attacks. These new breeds of cyber-attack are immune to traditional security solutions, hence the need for proactive, intelligent systems to prevent them.
The Dell SecureWorks website provides a pretty good explanation of why enterprises should really consider investing in threat intelligence:
“These services provide the security professional with immediate security intelligence tailored to their environment. This saves teams time by not having to filter through alerts and advisories impacting systems they do not have in their infrastructure. Additionally, threat intelligence services prioritize vulnerabilities and predict threats, enabling security teams to rapidly take action. The better services also integrate vulnerability alerting with real-world threat intelligence to deliver the whole picture of the risk facing the organization.”
Threat intelligence services are largely delivered through the cloud by vendors that range from ICT and security vendors to MSSPs.
While there are a number of high-profile vendors operating in the market, TechNavio analysts have dug up some info on some of the leading vendors in the Global Threat Intelligence Security Market.
IBM
IBM X-Force Threat Intelligence monitors the latest threats, vulnerabilities, and advanced malware, and advises customer organizations on how to detect and prevent attacks. Solutions concentrate on accurate security enforcement, as data is collected from thousands of managed customer devices and through global analytics tools, sensors on darknets, and honeypots.
The threat intelligence group in IBM is part of the managed security services business. During the forecast period, the company will continue to gear its services towards small and medium businesses, as well as large enterprises, and provide intelligence services including subscriptions for news feeds, a threat analysis service, and remote security assistance.
McAfee
McAfee offers global threat intelligence as an optional subscription service to its customer organizations. The services enhance the capabilities of network security products deployed in customer networks across various end-user sectors.
The main characteristics of McAfee’s offerings include a reputation-based real-time intelligence service that takes policy-based actions in the wake of attacks. McAfee is one of the few vendors that has consistently updated knowledge about new blacklisted sites.
Symantec
Symantec offers DeepSight, a threat intelligence service that takes input from more than 180 million endpoints and more than 200,000 network devices. The service tracks known and unknown vulnerabilities and prevents attacks on web, email, messages, and network, and its DeepSight Early Warning Services portal offers customers up-to-date intelligence on new trending attacks.
One of the main advantages of DeepSight is that it offers customers the chance to perform effective correlations and analysis within their own networks.
Trend Micro
Trend Micro’s Threat Intelligence Manager provides actionable intelligence and real-time incident response for physical servers, cloud and virtual machines. The solution centers on reducing reaction time, in order to effectively prevent attacks on customer networks.
The company’s Smart Protection Network also delivers global threat intelligence that uses big analytics to identify and analyze new sophisticated threats. Over the projected period, Trend Micro will see increases in sales of its threat intelligence solutions, particularly from existing customers that have already opted for integrated security solutions.