Cyber threat intelligence (CTI) is the cornerstone of mature cyber defence programs and a sought-after product category that allows organizations to adapt their security posture to the rapidly evolving threat landscape.
CTI is a segment of the threat intelligence services market, which also includes threat intelligence platforms and digital risk protection.
Frost & Sullivan forecasts the global CTI market to see a two-and-a-half-fold growth, reaching $981.8 million by 2023 from $392.2 million in 2020, up at a compound annual growth rate (CAGR) of 35.8%.
“With the growing cost of cybercrime and increasing confrontations between geopolitical rivals in the cyber domain, organizations turn to CTI providers to learn the modus operandi of attackers and increase their chances of anticipating and preventing damages,” said Mikita Hanets, cybersecurity research analyst at Frost & Sullivan.
He added that customers want affordable consolidated solutions that are easier to use. As a result vendors are adding ‘intelligent’ features like the ability to provide insights about relevant cyber activity. Also, to take a more active role in operationalizing threat intelligence with either homegrown software or partnerships with other security vendors.
Hanets added that: “The emergence of the software-as-a-service (SaaS) model presents new opportunities for CTI vendors. A growing number of threat intelligence providers are repositioning themselves as SaaS vendors that support a range of intelligence-related use cases.”
Growth opportunities
Expansion into the digital risk protection (DRP) market: Convergence between the CTI and DRP segments will help vendors become go-to suppliers of CTI, ranging from indicator of compromise feeds to information about leaked credentials. It will also allow them to penetrate the midmarket with DRP use cases and upsell other intelligence products over time.
Broaden into the threat intelligence platforms (TIP) market: The addition of use cases going from the aggregation of threat feeds to basic threat hunting functionality will enable CTI vendors to provide a comprehensive SaaS offering that enables customers to access threat intelligence and operationalize it on a single platform.
Partnerships with security vendors: Security vendors should market a more expensive version of the product (e.g., endpoint security) enhanced by threat intelligence in collaboration with one or several CTI vendors. These partnerships would enable threat intelligence providers to drive revenue growth and increase market share.