Security Experts:

Connect with us

Hi, what are you looking for?


Security Architecture

Tips to Help MSSPs Choose a Threat Intelligence Partner

As small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks, managed security service providers (MSSPs) that cater to SMBs face both an immense opportunity and a considerable challenge.

As small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks, managed security service providers (MSSPs) that cater to SMBs face both an immense opportunity and a considerable challenge.

The opportunity is for MSSPs to harness the growing demand among SMBs for proactive security services by augmenting their offering portfolios with threat intelligence. Indeed, an integrative and well-executed threat intelligence program can arm MSSPs with the visibility and context they need in order to preempt attacks on their clients’ networks and ultimately help them attain a stronger, more proactive security posture.

While building such a program in-house simply isn’t realistic for most MSSPs given the extensive resources required, those wishing to offer threat intelligence to clients can still do so through an external vendor. The challenge is that choosing which vendor to partner with can be exceptionally difficult for MSSPs due to the oversaturation and complexity of the threat intelligence market. Here are three tips that can help:

1. Collection strategy due diligence is imperative

As I discussed in one of my previous columns, collection strategy is both the biggest differentiator and most important factor to consider when evaluating a threat intelligence vendor. This is largely because a vendor can only provide intelligence on the threats and adversaries visible within the data sources its collection strategy covers. 

The key takeaway here for MSSPs is to do your due diligence on the collection strategies of prospective threat intelligence partners. Keep in mind that the best partner is one that provides extensive visibility into the types of threats and adversaries your clients face.

An MSSP that works primarily with retailers, for example, may want to consider partnering with a vendor whose collection strategy includes underground card shops, illicit forums frequented by fraudsters, and other types of data sources relevant to the various types of fraud—such as payment card, account takeover, and refund fraud—prevalent in the retail industry.

2. Don’t overlook the importance of finished intelligence

MSSPs less familiar with the threat intelligence space may initially feel overwhelmed with the seemingly countless different ways in which vendors describe the intelligence they offer. But there is one type of intelligence that is uniquely valuable and worth seeking in a partner: finished intelligence. This refers to intelligence derived from relevant data that has been contextualized, analyzed, and packaged in a consumable, understandable format alongside all necessary details. In other words, finished intelligence is actionable.

For MSSPs seeking to help their clients attain a more proactive security posture, finished intelligence can add context to disparate data feeds and indicators, provide insight into the motivations and capabilities of threats and adversaries, and help inform the correct course of action needed to mitigate the risks posed by those threats and adversaries. Unfortunately not all vendors offer finished intelligence, but given these benefits, MSSPs should strongly consider partnering with one that does.

3. Consider your existing services and technologies 

Most MSSPs rely to some degree on technologies including firewalls, security event and information management (SEIM) systems, and orchestration platforms to service their clients. Integrating threat intelligence, as well as the data from which it is gleaned, into these technologies can bring additional context and efficiency to the use cases they support—from log monitoring and vulnerability management, to incident response and threat hunting. Naturally, this requires a threat intelligence partner with suitable integrations and/or an API, both of which are crucial for MSSPs to seek out and evaluate when considering prospective partners.

Although these three tips are only a few of many other important considerations when selecting a threat intelligence partner, they are a good starting point. Above all else, MSSPs should keep in mind that since they are often a lifeline to their clients, any partnerships they establish to better support these clients—regardless of business benefits—should always be approached  thoughtfully.  

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Security Architecture

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.