Defining Metrics for Comparing Threat Intelligence Solutions Through the Lens of the Analyst

Threat intelligence can be a valuable tool for any cybersecurity team. However, paid solutions are often costly. Furthermore, it is difficult to determine what solution is suitable for the organization, especially when the perspective of the analyst implementing the solution is often not consulted. This paper derives metrics from comparing three threat intelligence solutions with free options through the analyst’s lens to rank them. The metrics enumerate the challenges an analyst may face when adopting the solutions. Three main criteria are identified when evaluating a solution: the quality of the user interface, the quality of the programmatic interface, and the quality of the data for threat intelligence operations. Drawing from existing research on these topics, further criteria and questions are developed for each metric to “score” the solution. The scores are combined to rank the solutions. These scores and the criteria that inform them lead to a baseline that an employer or vendor can utilize to evaluate the successful implementation of a threat intelligence solution.