Which firm, company or solution can have the most comprehensive source of threat intelligence? The question should come to your mind when you are shopping for this security matter for any reason.
Sources can have different type of data and then convert it to useful information via either active or passive mechanisms to gather intelligence, but most important factor is being traffic inclusive regardless of what type of data is being gathered and how it is being analyzed, translated into different contexts (businesses and functions) and presented.
So, the question is: where we can find an all-inclusive traffic observer? Is this a company, with that shinny solution, which claims they have thousands of customers and they anticipate threats in a very broad spectrum because they have from small business to large, from healthcare to technology, from manufacturing to accommodation?
No entity can have better threat intelligence than an ISP when it comes to traffic, everything will be extracted from traffic, how a firm with 10 thousand of customers can have better vision comparing to a small ISP with millions of users?! The best threat intelligence can be collected via ISP gateways, that is where we can observe, collect, and decide how to deliver different packages of “intelligence” to the right targeted consumer. Are ISPs actively or passively involved in this process? I believe No, but that is a different story. Technically, an ISP is like an ocean of threat intelligence comparing to best solution/biggest company in this market as a swimming pool!