Explosive Growth of the Threat Intelligence Market
Threat Intelligence (TI) is a rapidly growing market, with analysts predicting it will reach up to 55 billion US dollars by 2033. In Russia, the market has doubled over the past two years. In this article, we will discuss what is included in the concept of TI, and how cyber intelligence looks from the point of view of the customer.
What is Threat Intelligence?
Experts sometimes disagree on what Threat Intelligence is. Some argue that TI is more about applying knowledge about cyber threats when responding to incidents, while others say that the main focus is on malware research, classifying intruders, or collecting indicators of compromise.
The reason for the controversy is likely due to service providers setting the tone, and proceeding from a position convenient for themselves. Everyone advertises the direction in which they are engaged.
Threat Intelligence can include all of the above. But this article and the practical course on Threat Intelligence focus on the use of TI from the consumer’s perspective, as it has its own characteristics.
What is the Value of Implementing and Using Threat Intelligence?
Let’s look at the history of Threat Intelligence. If we don’t go into the history of certain types of intelligence, such as OSINT, TECHINT, SOCMINT, GEOINT, HUMINT and others, which developed largely thanks to the efforts of the military, then the end of the 2000s can be considered the time of the emergence of Threat Intelligence.
Mentions were made before, but it was at that time that the base was formed, which then turned into the familiar TI. This is when the iSIGHT company appeared, which was the first to call proactive detection of cyber threats its main activity (in 2016 it was bought by an American company fire eye).
At the same time, it became clear that traditional information security solutions based primarily on reactive measures were no longer enough to protect against growing cyber threats. Preventive measures, which were already widely used in large companies, also do not always help, as attackers come up with new sophisticated ways to bypass them. This started an arms race between cybercriminals and defenders.
In 2011, the world witnessed one of the most resonant computer attacks in the history of the development of information systems. US and Israeli intelligence agencies jointly managed to develop malware called Stuxnet and use it to attack the computer system of Iran’s nuclear program. This case showed everyone how serious damage a computer attack can cause, not just in the virtual world, but in the real world.
Many vendors, assessing the prospects of a new direction, rushed to create products under the catchy banner of Threat Intelligence, sometimes passing off tools that have long been known to the industry.