Over on his Gartner blog Dr Anton Chuvakin started the list of measures / criteria that could be useful for organisations looking to replace or augment their existing internal threat intelligence capability with external feeds. A few criteria I can think of that might also be useful: - The level of overlap in the TI feed with other freely available sources: you’re paying for the TI feed - the last thing you want its paying for something that is available freely elsewhere.