Home / Blogs

How to Choose a Cyber Threat Intelligence Provider

Throughout the course of my career I’ve been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization.

Keep in mind that this was before the explosion of CTI in the marketplace and the myriad of different CTI vendors that have emerged over the past few years. The broader availability of CTI providers has made the task of understanding their capabilities and how their services address (or, more importantly, don’t address) an organization’s requirements more difficult. Essentially, CTI should help these organizations make better decisions and improve the overall security posture of their business.

Enter Forrester Research’s Nov. 3, 2015 report: “Vendor Landscape: S&R Pros Turn To Cyber Threat Intelligence Providers for Help.” The report, as Forrester puts it, seeks to “give S&R pros the tools to evaluate cyber threat intelligence providers along with analysis of 20 of the top players in the space.”

The “Provider Evaluation Criteria” section of the report includes critical intersections between the intelligence cycle and how a given provider’s capabilities map to its intelligence collection, analysis and generation phases. Here, the authors provide some salient recommendations for organizations looking for a CTI provider. Please download the report to get what I believe is some of the best guidance out there on that subject.

Based on my experience, I’d also add a few more to the list:

  • A good CTI provider should help you cut through media and marketing hype, not contribute to it. Make sure your vendor isn’t more concerned with making a marketing splash than operating with discretion in the mission space.
  • Your vendor should be able to “walk the walk.” Please make sure they have a proven operational track record that is reflected in their processes, approach, client feedback and longevity. Make them show you their capability.
  • In this industry, reputation matters. Make sure your vendor has staff that maintains good standing and solid peer relationships in the security and cyber-intelligence communities.
  • How does the vendor plan to address your business in a year? Make sure your vendor continues to innovate and has a product and development roadmap that supports your needs and growth goals.

If you have any additional suggestions to add to the list, I’d love to hear about them in the comments section.

By Josh Ray, Vice President of Cybersecurity Intelligence at Verisign

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign


Sponsored byDNIB.com

New TLDs

Sponsored byRadix