Every year attacks become more prevalent and more sophisticated. Last year was no exception. If you then throw in a global pandemic, explosion of remote work, and increased digitization, you can begin to get an idea of the new challenges that security leaders face. In light of these themes, and as I reflect on our record-breaking year, it’s clear that many security teams are turning towards threat intelligence providers to help overcome these challenges.
In case you missed it, Digital Shadows (now ReliaQuest) was mentioned as a Representative Vendor in the 2021 Gartner® Market Guide for Security Threat Intelligence Products and Services report.
Organizations are drowning in data and information
We’ve written numerous times on the challenge of noise within traditional threat intelligence feeds and the importance of “Saving The SOC From Overload”. Most security leaders I speak with are constrained by the resources they have available to them. I do not believe the answer is to throw more data at them.
According to this Market Guide report, “organizations are drowning in data and information, which is not the same as intelligence, resulting in poor operational use of the data and information to which they have subscribed.”
“A significant number of organizations, based on client inquiry, are at the bottom of the DIKI pyramid even after buying TI solutions. They are overwhelmed with data and information because they have not defined what they really need to focus on and care about.”
We work hard to ensure the intelligence Digital Shadows (now ReliaQuest) provides is fully aligned to our customers’ key concerns, which ensures the output is fully tailored and relevant to their business.
Consolidation of Markets Demands Breadth
According to Gartner Market Guide for Security Threat Intelligence Products and Services “changes to the environment and business, such as remote workforces, have increased the number of attack vectors and require increased coverage for new use cases.”
Indeed, as new threat intelligence use cases emerge, it’s only natural that existing markets will come together. Gartner recommends that end users “use DRPS services to gain visibility over expanding digital footprints and minimize exposure risks, but ensure the findings can be operationalized and mitigated in some manner and tracked for risk posturing”.
As businesses look to consolidate their existing threat intelligence products, I also believe we will continue to see more businesses looking to accommodate more use cases.
Digital Shadows (now ReliaQuest) has always been uniquely placed in the breadth we offer our customers. Our service incorporates traditional threat intelligence services, but also extends to EASM and DRPS use cases. This breadth enables us to be focused on accommodating the most important use cases to their business and help reduce risk, without requiring additional headcount.
Threat Intelligence at Home in the SOC, But Aligns to Other Teams
The broad set of use cases enabled by new and emerging threat intelligence capabilities appeals to many stakeholders, including “brand teams, marketing teams, fraud teams, and compliance and legal functions”.
However, threat intelligence increasingly sits within security operations as a core function (and, by extension, XDR providers).
According to Gartner, “Threat intelligence should be a core function of the modern security operations center (SOC) and security programs that underestimate the value of it will find it hard to effectively mitigate threats.”
In this report, Gartner recommends that Security and risk management leaders responsible for security operations should “justify budget by articulating the value of threat intelligence and how foundational it is to the success of the security operations program and protection of the business.”
There is a growing understanding of the need to move away from threat data to actionable use cases that are tied to business needs. As many of these responsibilities become embedded in the SOC, 2022 offers an exciting opportunity for those businesses looking to build or enhance their threat intelligence capabilities in 2022.