10(ish) Questions to Ask Every Threat Intelligence Vendor

In this episode of the Dr. Dark Web podcast, we share the top 10(ish) questions to ask yourself and your CTI vendor.

Episode Summary

Picking a good cyber threat intelligence vendor is an important decision. And you’ve got to prepare some strategic questions to ask your potential vendors if you want to make sure you end up with a reliable and professional partner.

But first, you have to know yourself; most importantly, you have to know your WHY.

Key Insights

Know thyself. You should know your main goals and motivation before picking a threat intelligence vendor. One of the most important questions to ask yourself is why you are doing what you’re doing. “For me, the top things are — there are two real big ones. And the whole point of the ‘why’ comes down to a couple of different things. Are you doing it for efficiency? In other words, we don’t know what we don’t know, and we want to understand it. And how do we do it in the most efficient way possible? So that’s part number one. Are we doing it for visibility and awareness? In other words — back to the ‘we don’t know what we don’t know’ — if we’re going to put our head above the parapet, how do we actually tell what’s useful, usable, scalable, and actually effective to help with? […] Then the other big one is basically justification. So if you’re looking at next year’s budget or you’re looking at even going through this year’s or when your fiscal year ends or headcount — if you’re having to justify, to some degree, your existence — understanding internal and external threats and the risks associated with them is a really good way to start on that ‘why are we doing it’ exercise.”

Strategic, tactical, operational, OR other types of intelligence? The next step is to determine what type of intelligence your potential vendor can provide. Also, think about what type of intelligence matches your goals. “Strategic. How are you looking at the market itself? How are you looking at geopolitical areas? How are you looking at critical infrastructure as a whole or whatever your area is? Tactical. Well, what the heck is going on? APT group, ABC, Cozy Bear over here, and a whole bunch of Muppets in a different direction. What the Smurf are doing is great to know, but then you’ve actually got to bring in, ‘Well, why do I care?’ And then operationalizing that data as well is that other part of it. In other words, you’ve told me that IP sucks. Well, why? For how long? How long has it been? What’s happened with it, and what the heck am I going to do with it?”

Whose data are they collecting, where are they getting it from, and how? The following questions revolve around data collection. “All of this is information that you need to understand what they’re collecting because if you understand what they’re collecting, you could also understand what they’re missing. […] So the data is another interesting one. Take a messaging stream — this is a perfect example of what kind of data. Are they collecting 24 hours’ worth of messaging? And how can you disseminate what’s good, bad, and what’s ugly, and how are they doing it?”

Top 10(Ish) Questions To Ask

Why are we doing it?

Who’s the consumer OF the data we will produce?

Do I want (and do you have) strategic, tactical, operational, OR other types of intelligence?

Whose data are you collecting?

Where are you collecting it from?

How are you collecting it, and how are YOU sorting the woods from the trees?

What context are you providing along with any raw data?

What does your platform support? (commercial, open source, community, internal, etc.)

Can I customize the inbound data? If so, how?

How (if at all) are rankings, scoring, or risk metrics applied? (method, madness?)

What happens if I want more platforms, systems, seats, etc.?

Where’s MY data kept? The stuff I’m building (or you are) about MY company? (the intel packet?)

Talk to me about your methodology (Plan, Collect, Process, Analysis, Dissemination, AND Feedback)
