Cyberthreat intelligence (CTI) is an overcrowded space that is overdue for contraction. In general, we see it filled with smaller vendors with founders who come from an intel background, got enough funding to land a Fortune 100 client (not exclusively, mind you), and have put their logo into every pitch deck they use when going on fishing trips. My personal observation from covering the space is that the biggest impediment to this space is that vendors have no way of measuring the efficacy of what they are providing, so clients in turn can’t really show a return on investment either — not a good way to live.
The predicament of recommending CTI sources for companies with smaller budgets that can’t afford to throw money at something they can’t show a return on has led to one of the most important reports I’ve written on the subject, a treatise on why and how to “Maximize The Benefit Of Cybersecurity Information Sharing Organizations.”
Time and again, we receive feedback from clients that the one source of intelligence they absolutely could not do without is their peer information sharing groups. The reason is twofold:
- Peers make the best honeypots. Imagine your organization benefiting from elevated awareness and indicators from emerging threats specifically targeting organizations with the same threat model. Someone is spending a lot of time building infrastructure that looks a lot like yours. Benefit from this!
- Peers make for the best benchmarks. The old saying about not having to outrun the (Fancy) Bear holds particularly true here. Forrester receives a ton of inquiry around peer benchmarking. Join these groups to learn and share experiences and strategy.
Hopefully, this report helps demystify the alphabet soup of ISACs, ISAOs, and other peer sharing groups while offering direction for how you can leverage these groups successfully. I look forward to your feedback.
Image source: Flickr