Cyberthreat Intelligence Effort Launched
LogRhythm Partners with Five Other Vendors
Security intelligence firm LogRhythm has launched what it calls a "threat intelligence ecosystem" in collaboration with five other security vendors, giving customers the ability to customize the information they want in their intelligence feeds.
"The Threat Intelligence Ecosystem allows customers the flexibility to determine from a variety of vendors, each with different intelligence acquisition methods, which [one] aligns to them," says Seth Goldhammer, director of product management at LogRhythm. Other participants in the new collaborative effort are CrowdStrike, Norse, Symantec, ThreatStream and Webroot.
LogRhythm will present a customer with a list of the different threat intelligence feeds they can purchase from the vendors involved. Whichever feeds are chosen, LogRhythm will work to consolidate and digest the information to meet the customer's needs, says Kurt Stammberger, senior vice president of market development at Norse.
"What people are recognizing is that threat intelligence sources are very different from each other," he says. "Different threat intelligence vendors specialize in gathering information from different parts of the Internet. Think of it as telescopes covering different parts of the sky."
It's important to note that there is no information sharing between the different threat intelligence vendors in the ecosystem, says Patrick Kennedy, vice president of enterprise marketing at Webroot. "Each acts as a self-autonomous threat intelligence service to the LogRhythm customer," he says.
LogRhythm hopes to recruit other security vendors to join the effort.
Measuring Success
The level of success will be based on whether a broader array of customers gains access to live attack intelligence, says Stammberger of Norse. "Right now, only about 35 percent of enterprises have any real threat intelligence initiative going on," he says.
Another measure of success is whether the ecosystem is able to recognize high-impact activities that allow a customer to prevent a breach from occurring, Goldhammer says.
Analyzing the Initiative
Tyler Shields, a security analyst at Forrester Research, says this new initiative could prove effective if the analysis of the aggregated data is done well. "It's one thing to pull a number of great threat information data feeds into a single location, but it's a lot harder to properly analyze and determine highly accurate causation from disparate sources of data," he says.
Also, at a time when cyber-attacks are morphing so rapidly, it's a positive sign to see collaboration among security vendors, says Shirley Inscoe, an analyst at the consultancy Aite Group. "This is an instance where the sum of the parts truly can be much greater than the individual elements," she says. "Identifying attacks rapidly is essential in a real-time environment, and reducing false positives is key so that investigators can focus on the highest risk items instead of being distracted by a long list of possible threats."