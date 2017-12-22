This is a tough category because today just about every product that we consider next generation claims to perform threat analysis and intelligence gathering or, at least, ingestion. We like those products because they say something very important about the evolution of the marketspace. However, for our purposes here we considered only those products whose primary function was threat analysis and/or Intelligence gathering and dissemination.

On the other hand, from our perspective, it is one of the most fascinating group in the bunch. It certainly has evolved faster than any other. What also is interesting is the variety of approaches these innovators take. This year we have four incumbents. Each one covers a different part of the threat intelligence gathering landscape and, in fact, a different part of the threatscape itself. One – one of our favorites – is a woman-owned and operated outfit that really puts the lie to the old saw about women cannot make it in tech. Their approach is different from any we've seen.

Threat intelligence can be carved into several pieces. First, there is closed source intelligence. This focuses on access to people. Second, we have open source intelligence which usually focuses on access to information. Another approach is digital intelligence. This comes largely from threat streams generated by tools that are sensing some element of the threatscape such as malware, phishing, or some such. For closed source we need boots in the street – both physical and virtual boots. That is how we get access to people. The intelligence analysts in this field have extensive penetration into the forums where the bad guys operate. They also have access to many of the actors themselves.

Open source largely is screen craping and meticulous collection, curation, cataloging and cross-correlating data. Finally, digital intelligence takes a huge number of globally-positioned sensors that constantly are gathering data and shipping it to a central source for curation and analysis. We have a good cross-section of players this year and two of them have been with us for some time. One is in its second year and one is new and certainly bears watching. In any event, this is a hotly growing category and it will be interesting to see how it evolves. There is a good possibility with this one that over the next three years or so it will be subsumed by another (or several other) category.