Threat "Intelligence" feeds - a few extra criteria
Over on his Gartner blog Dr Anton Chuvakin started the list of measures / criteria that could be useful for organisations looking to replace or augment their existing internal threat intelligence capability with external feeds.
A few criteria I can think of that might also be useful:
- The level of overlap in the TI feed with other freely available sources: you’re paying for the TI feed - the last thing you want its paying for something that is available freely elsewhere.