Gartner Blog Network

Starting Threat Intelligence Research

by Anton Chuvakin  |  January 2, 2014  |  5 Comments

Threat Intelligence!

For some, these two words literally drip with sex appeal of battles at the very frontier of cyber-space, James Bond-like stunts of APTs, and incredibly powerful – and, of course, super-secret! – exploits known only to the select few. For others, TI is a boring list of IP addresses, promised to be “bad” by some unknown party with questionable skill levels, and yet another security function to procure and manage.

My first project of the year will focus on sorting through all this noise in order to answer questions such as these:

  • What types of threat intelligence (TI) data are out there?
  • What capabilities for threat intelligence should organizations develop?
  • How to use threat intelligence data operationally? [a key focus!]
  • How to compare threat intelligence data feeds?
  • How to integrate threat intelligence data with SIEM, NFT, ETDR and other security tools?
  • What is internal threat intelligence and who creates it?
  • How to start your threat intelligence capability?

FYI, existing Gartner coverage of threat intelligence:

And here is my call to action:

  • Vendors, got anything to say about it? Here is a briefing link … you know what to do!
  • Enterprises, got a threat intelligence-related story to share – both WIN stories or FAIL stories will do fine? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: announcement  security  threat-intelligence  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on Starting Threat Intelligence Research

  1. Boris Taratine says:

    Very timely! May be we can communicate off line to exchange thoughts and ideas?

  2. @boris Thanks for the comment. Happy to exchange thoughts and ideas!

  3. […] ← Starting Threat Intelligence Research […]

  4. Dani says:

    Hi Anton,

    Funny research :-). Have you been thinking about threat intelligence tools that look outside the network for new cyberthreats which escape of network perimeter controls?. There are several companies into a new “space”, such as seculert, riskiq or our company optos intelligence :-).



  5. @dani

    Thanks for the comment. Yes, I have spoken and will speak with some of these vendors. Optos is the one I never heard about or from 🙁

    Feel free to use a Vendor Briefing form here to schedule a talk:

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.