Threat intelligence providers are in high demand as organizations need to make sense of large volumes of threat data in a continuously changing threat landscape.

Threat intelligence platforms consolidate and deduplicate intelligence information, and help analysts act on findings. Services may integrate threat intelligence with other aspects of security services. Those include managed security services or managed IT infrastructure.

Our latest CF List for the first time focuses on threat intelligence. Analysts with Omdia, S&P Global Market Intelligence, Forrester and Frost & Sullivan weighed in on threat intelligence market trends and what it takes to be a successful threat intelligence provider.

Complexity, Attacks Growing

Mikita Hanets is an industry analyst in Frost & Sullivan’s cybersecurity practice.

Frost & Sullivan’s Mikita Hanets

“The growing volume and complexity of attacks drive the demand for threat intelligence solutions,” he said. “Organizations recognize the importance of proactive defense for staying ahead of cyber adversaries. In addition, confrontations between nation-states in the cyber domain will contribute to the demand for threat intelligence. Organizations turn to cyber intelligence providers to learn the modus operandi of hackers affiliated with nation-states and increase their chances of anticipating and preventing attacks.”

Allie Mellen is security and risk analyst at Forrester.

“Threat intelligence – and curated threat intelligence in particular – is critical to understanding and reacting to a constantly changing threat landscape, especially given many of the nation-state and hacktivist groups at play,” she said.

More Threat Intelligence Needed

Scott Crawford is research director, information security with 451 Research, part of S&P Global Market Intelligence.

“To some extent, threat intelligence … is something that both customers, as well as providers and their partners would like to see become more pervasive,” he said. “And that pervasiveness now extends across the enterprise, wherever it may be found, including in work-from-anywhere settings, not to mention across a growing spectrum of third parties: suppliers, partners and IT integrations with a wide variety of services ¯ particularly in the wake of cyberattacks that deliberately targeted the IT supply chain seen in the past year, and more recently with increased concern regarding the role of cyberattacks in international conflict.”

To say that M&A has shaken up the competitive landscape is an understatement, Crawford said.

“According to 451 Research’s M&A KnowledgeBase, in 2021 we saw nearly $4 billion in disclosed or estimated M&A deal value and more in deal values that weren’t disclosed,” he said. “There were at least 14 deals where threat intelligence was a primary focus of either the acquirer or the acquisition target.”

Crawford cited the following deals where threat intelligence played a role:

Provider Types

Rik Turner is principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). He divides the threat intelligence market into three provider types. Those include:

Omdia’s Rik Turner

“There is also sort of a fourth route as exemplified by BrightCloud (part of OpenText via the Webroot acquisition), which is kind of a hybrid of No. 2 and No. 3, in that it doesn’t sell to end customers, but rather than MSPs and MSSPs who in turn sell it to their enterprise customers,” he said.

We’ve compiled a list above of 20 top threat intelligence providers based on analysts’ feedback and recent news reports. It’s in no particular order. The list, by no means complete, includes well-known providers. But it also features lesser-known providers making strikes in threat intelligence.