The CF List: 20 Top Threat Intelligence Providers You Should Know

Cisco, AT&T, Verizon and CrowdStrike made it. See who else and why.

Edward Gately, Senior News Editor

March 15, 2022

20 Slides

Threat intelligence providers are in high demand as organizations need to make sense of large volumes of threat data in a continuously changing threat landscape.

Channel_Futures_Signature_Series_Logo-300x300.pngThreat intelligence platforms consolidate and deduplicate intelligence information, and help analysts act on findings. Services may integrate threat intelligence with other aspects of security services. Those include managed security services or managed IT infrastructure.

Our latest CF List for the first time focuses on threat intelligence. Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on threat intelligence market trends and what it takes to be a successful threat intelligence provider.

Complexity, Attacks Growing

Mikita Hanets is an industry analyst in Frost & Sullivan’s cybersecurity practice.


Frost & Sullivan’s Mikita Hanets

“The growing volume and complexity of attacks drive the demand for threat intelligence solutions,” he said. “Organizations recognize the importance of proactive defense for staying ahead of cyber adversaries. In addition, confrontations between nation-states in the cyber domain will contribute to the demand for threat intelligence. Organizations turn to cyber intelligence providers to learn the modus operandi of hackers affiliated with nation-states and increase their chances of anticipating and preventing attacks.”

Allie Mellen is security and risk analyst at Forrester.

“Threat intelligence – and curated threat intelligence in particular – is critical to understanding and reacting to a constantly changing threat landscape, especially given many of the nation-state and hacktivist groups at play,” she said.

More Threat Intelligence Needed

Scott Crawford is research director, information security with 451 Research, part of S&P Global Market Intelligence.

“To some extent, threat intelligence … is something that both customers, as well as providers and their partners would like to see become more pervasive,” he said. “And that pervasiveness now extends across the enterprise, wherever it may be found, including in work-from-anywhere settings, not to mention across a growing spectrum of third parties: suppliers, partners and IT integrations with a wide variety of services ¯ particularly in the wake of cyberattacks that deliberately targeted the IT supply chain seen in the past year, and more recently with increased concern regarding the role of cyberattacks in international conflict.”

To say that M&A has shaken up the competitive landscape is an understatement, Crawford said.

“According to 451 Research’s M&A KnowledgeBase, in 2021 we saw nearly $4 billion in disclosed or estimated M&A deal value and more in deal values that weren’t disclosed,” he said. “There were at least 14 deals where threat intelligence was a primary focus of either the acquirer or the acquisition target.”

Crawford cited the following deals where threat intelligence played a role:

  • Mandiant’s separation from the FireEye products business.

  • Microsoft’s acquisition of RiskIQ.

  • The sales of Blueliv, Intel471, Team Cymru and Flashpoint to private equity firms.

  • ZeroFox’s pickup of Cyveillance, DomainTools’ reach for Farsight Security, and more.

Provider Types

Rik Turner is principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). He divides the threat intelligence market into three provider types. Those include:

  1. Community/open-source providers.

  2. Security vendors who gather threat intelligence because of their market presence. They then use it as an incentive for customers to buy and stick with their products.

  3. Pure-play threat intelligence vendors, who themselves fall into multiple subcategories, depending on what type of threat intelligence they are gathering.


Omdia’s Rik Turner

“There is also sort of a fourth route as exemplified by BrightCloud (part of OpenText via the Webroot acquisition), which is kind of a hybrid of No. 2 and No. 3, in that it doesn’t sell to end customers, but rather than MSPs and MSSPs who in turn sell it to their enterprise customers,” he said.

We’ve compiled a list above of 20 top threat intelligence providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known providers making strikes in threat intelligence.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like