Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

When it Comes to Threat Intelligence, a Multi-Vendor Strategy is Needed

No Intelligence Vendor Has 100% Visibility Into What is Happening on the Web

No Intelligence Vendor Has 100% Visibility Into What is Happening on the Web

The fact that there is no silver bullet for cyber security, but instead every organization needs to work with a variety of vendors, has shaped the common practices of how we purchase security solutions. In many cases, there’s a checklist – we need a firewall, an end-point protection solution, a SIEM, a penetration service, a cloud security solution, and many other types of solutions to cover all of our bases. We review the alternatives in the market, compare their offering and their cost, allocate the available budget accordingly and prioritize. Once an item on the checklist is checked, we move on to the other items. After all, we don’t need two firewalls, or two SIEM solutions. However, in threat intelligence, an item that appears in many organizations’ checklists, it may be quite advantageous to have multiple vendors. Here’s why.

The purpose of threat intelligence is to collect data from a variety of sources outside of the organization’s perimeters and generate intelligence on what is happening “out there”, enriching the organization’s security operations. Just like a military would find it difficult to fight without any knowledge of the adversary’s position or movement, so is the security team at a major disadvantage without such information. Threat intelligence provides visibility that extends beyond the organization’s perimeters – and this visibility is based on the vendor’s coverage on intelligence sources. 

The fact is that no intelligence vendor has 100% visibility into what is happening on the web. As organizations’ visibility is limited to what their threat intelligence vendors cover, by definition they will never have full visibility. In cyber security, where a single incident can be devastating to an organization, the greater the visibility – the better. Increased visibility means higher chances of detecting a potential incident and mitigating its threat. Considering that no two threat intelligence vendors have the exact same coverage – this is where a multiple vendors strategy comes into play.

The most efficient way to implement such a strategy isn’t just numbers. It’s not just about getting as many vendors as you can in the available budget – but choosing vendors that complement each other. Threat intelligence is quite a broad term, used to describe many types of offerings. More so than that, many threat intelligence vendors that have similar offerings may have quite a different coverage – with each having a different expertise and focus. Some vendors may try to be a one-stop-shop, covering as much as they can (but again, 100% visibility is impossible), while others may be more niche and provide complimentary services. 

When reviewing a threat intelligence vendor as part of a multi-vendor strategy, it is best to review their unique value proposition – not so much in features, but in terms of intelligence. Do they provide intelligence that other vendors don’t? How many deliverables do they provide of a certain type that others also cover, compared to these other vendors? You may discover that the price of the intelligence service is well worth the unique deliverables by the vendor (i.e. intelligence alerts not provided by the other vendors).

The fact that some overlap exists, which is usually the case, is not a bad thing. Since the organization relies on the data coming in from the threat intelligence, without comparison it is neigh impossible to evaluate a single vendor. Having multiple vendors helps identify the strengths and weaknesses of each service – which may be quite helpful both on an on-going basis, but also when it comes a time to evaluate the current solutions being used and building a new stack of threat intelligence vendors that complement each other.

The necessity of multiple intelligence vendors is not a new concept in the industry, mainly in large enterprises. As a testament of that, we see the popularity of solutions designed to collect and process threat intelligence data from a variety of sources – including multiple vendors. However, there are still quite a lot of organizations who use threat intelligence but continue to see it as yet another item to cross off the list.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...