Throughout the course of my career I’ve been blessed to work with some of the most talented folks in the security and cyberthreat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense Security Intelligence Services team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization.
Keep in mind that this was before the explosion of CTI in the marketplace and the myriad of different CTI vendors that have emerged over the past few years. The broader availability of CTI providers has made the task of understanding their capabilities and how their services address (or, more importantly, don’t address) an organization’s requirements more difficult. Essentially, CTI should help these organizations make better decisions and improve the overall security posture of their business.
Enter Forrester Research’s Nov. 3, 2015 report: “Vendor Landscape: S&R Pros Turn To Cyber Threat Intelligence Providers for Help.” The report, as Forrester puts it, seeks to “give S&R pros the tools to evaluate cyber threat intelligence providers along with analysis of 20 of the top players in the space.”
The “Provider Evaluation Criteria” section of the report includes critical intersections between the intelligence cycle and how a given provider’s capabilities map to its intelligence collection, analysis and generation phases. Here, the authors provide some salient recommendations for organizations looking for a CTI provider. Please download the report to get what I believe is some of the best guidance out there on that subject.
Based on my experience, I’d also add a few more to the list:
- A good CTI provider should help you cut through media and marketing hype, not contribute to it. Make sure your vendor isn’t more concerned with making a marketing splash than operating with discretion in the mission space.
- Your vendor should be able to “walk the walk.” Please make sure they have a proven operational track record that is reflected in their processes, approach, client feedback and longevity. Make them show you their capability.
- In this industry, reputation matters. Make sure your vendor has staff that maintains good standing and solid peer relationships in the security and cyber-intelligence communities.
- How does the vendor plan to address your business in a year? Make sure your vendor continues to innovate and has a product and development roadmap that supports your needs and growth goals.
If you have any additional suggestions to add to the list, I’d love to hear about them in the comments section.