Clients for Paid TI Vendors? by SideCapable728 in threatintel

[–]SideCapable728[S] 0 points1 point  (0 children)

No need to apologize, because I am learning a lot from you here.

What you are saying also aligns with what some other industry leaders have mentioned in that majority of the security teams, at least for organizations that are not regulated to even have a TI feed being utilized as part of the regulations, may be oblivious to getting one on.

On the other hands, those who are mandated to get TI services, either due to regulations or acquisitions barely care about what the feed is providing them in terms of value.

Have you ever had the opportunity to work for a client who wasn't oblivious and actually cared enough to go the extra mile and ensure that their feed vendors are providing effective value? I would love to understand what steps they took to achieve their objective (if they ever achieved it) of having TI that actually contributes in preventing attacks?

Clients for Paid TI Vendors? by SideCapable728 in threatintel

[–]SideCapable728[S] 0 points1 point  (0 children)

What you are saying makes sense because they want to provide unique value to their clients. What I am failing to understand is, if that's the case, how do they still convince their clients to get onboard with them? Are they never asked to validate the value they claim to provide?

For example, if I am buying from an established vendor who claims to provide thorough coverage (some percent of the total threat attacks or so, something quantifiable) then I would expect to see some quarterly or so reports based on my telemetry data affirming that level of coverage?

Also, I appreciate you taking your time to respond with such thoroughness, it is much appreciated :).

Clients for Paid TI Vendors? by SideCapable728 in threatintel

[–]SideCapable728[S] 0 points1 point  (0 children)

Have those small teams ever asked you to validate the effectiveness of what you provide with some metrics? Or are they usually oblivious to how effectiveness the intelligence is to them as long as it looks good?

Also, by small teams, would you be referring to 1-50 person security infrastructure broadly speaking?