Vendor Norse  

Flagship product Norse Appliance and Norse Intelligence Service 

Cost Highly customizable – depends on products, services and size of the customer. 

Innovation Leading the charge in moving from threat intelligence to cyberintelligence 

Greatest strength Diversity within the cyberthreat continuum.

Norse

Norse is the big noise in cyberintelligence and with good reason. They are a nearly perfect mix of cyberintelligence in general and what we refer to as “bits and bytes” intelligence. There are important players in the open source and threat actor intelligence niches and there are solid players in the pure bits and bytes offerings, but there are none as comprehensive as Norse that straddle both communities. Norse is an excellent mix of knowing what is happening on the internet and knowing, as well, what that knowledge means in the overall threat intelligence community.

Probably Norse's biggest innovation, from the perspective of the information security industry in general, is the launch of its client and threat intelligence service. When discussing cyberthreat intelligence most people think of it as lists of IPs, malware and attacks. However, there is much more to cyberthreat management than that. Norse provides its services through an appliance and through its Intelligence Service. Because the appliance is constantly updating through the Norse cloud, it is far more efficient. Of course, the intelligence service is an excellent way for analysts to stay current with the cyberthreatscape, but for integration with other security tools you need the appliance. The appliance operationalizes that.

To complement the appliance there is the Norse Intelligence Service. Norse uses an intelligence SOC model. The appliance compares with Norse's datastore. While the service and the appliance can be individually bought, they also can be bought together and usually are. For Norse, it's all about context. For a long time, organizations have been myopically focused on their own networks. However, we need to see “over the hill." The proactive view has been the missing piece. Norse claims that it is striving to blaze a new trail, not to build a new firewall, DLP or SIEM – products that have become commoditized. In today's cyberenvironment, prevent, detect and respond is not good enough. For that reason Norse goes beyond the simple concept of threat intelligence to cyberintelligence.

Norse is able to apply tens of millions of rules to extremely high packet rates. In addition to their appliance and Intelligence Server, the company does incident response support. It teams with other vendors and provides forensic services. Norse also has a counter-intelligence team. The name of the game for this Innovator is adding more useful and important features, and being more and more proactive.