Blog post

Starting Threat Intelligence Research

By Anton Chuvakin | January 02, 2014 | 4 Comments

threat intelligencesecurityannouncement

Threat Intelligence!

For some, these two words literally drip with sex appeal of battles at the very frontier of cyber-space, James Bond-like stunts of APTs, and incredibly powerful – and, of course, super-secret! – exploits known only to the select few. For others, TI is a boring list of IP addresses, promised to be “bad” by some unknown party with questionable skill levels, and yet another security function to procure and manage.

My first project of the year will focus on sorting through all this noise in order to answer questions such as these:

  • What types of threat intelligence (TI) data are out there?
  • What capabilities for threat intelligence should organizations develop?
  • How to use threat intelligence data operationally? [a key focus!]
  • How to compare threat intelligence data feeds?
  • How to integrate threat intelligence data with SIEM, NFT, ETDR and other security tools?
  • What is internal threat intelligence and who creates it?
  • How to start your threat intelligence capability?

FYI, existing Gartner coverage of threat intelligence:

And here is my call to action:

  • Vendors, got anything to say about it? Here is a briefing link … you know what to do!
  • Enterprises, got a threat intelligence-related story to share – both WIN stories or FAIL stories will do fine? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Boris Taratine says:

    Very timely! May be we can communicate off line to exchange thoughts and ideas?

  • @boris Thanks for the comment. Happy to exchange thoughts and ideas!

  • Dani says:

    Hi Anton,

    Funny research :-). Have you been thinking about threat intelligence tools that look outside the network for new cyberthreats which escape of network perimeter controls?. There are several companies into a new “space”, such as seculert, riskiq or our company optos intelligence :-).



  • @dani

    Thanks for the comment. Yes, I have spoken and will speak with some of these vendors. Optos is the one I never heard about or from 🙁

    Feel free to use a Vendor Briefing form here to schedule a talk: