Mastercard’s $2.65 billion acquisition of Recorded Future has focused attention on the increasing value of cyber threat intelligence (CTI) to enterprise security strategies.

Security experts in the space perceive the deal as validating the business criticality of CTI and accelerating its mainstream adoption.

A Multibillion-Dollar Bet

Mastercard on Sept. 12 announced it had agreed to acquire Recorded Future for $2.65 billion — nearly equivalent to the cumulative amount it paid in nine previous purchases of cybersecurity vendors. Mastercard has said it will leverage Recorded Future’s threat intelligence capabilities to bolster its own anti-fraud capabilities and to strengthen the third-party services it delivers via previous acquisitions such as RiskRecon.

The deal is expected to close in Q1 of 2025.

Fernando Montenegro, an analyst with Omdia, says Mastercard’s acquisition aligns with the financial firm’s efforts to integrate multiple capabilities around its suite of anti-fraud services. “One of the key components of successful anti-fraud initiatives is accurate threat intelligence, so it makes sense for Mastercard to improve their capabilities there,” Montenegro says. “I think the deal shows that threat intelligence can be immensely valuable not only to pure-play cybersecurity efforts, but to broader anti-fraud initiatives as well.”

The Business Research Company expects demand for cyber threat intelligence services to hit some $11.5 billion in revenue in 2024, and to more than double to $25.68 billion in 2028, at a compound annual growth rate (CAGR) of 21.7%. The analyst firm identified the primary growth drivers as an increase in the volume and sophistication of cyberattacks, cloud adoption, a constantly expanding attack surface, and increasing regulatory pressures. Others, like Statista, think the market is currently even larger — $14.59 billion in 2023 — but have a more modest annual growth rate expectation of 14.7% between now and 2030.

Validation for CTI?

Beenu Arora, CEO and co-founder of Cyble, sees the pending transaction as further cementing the role of threat intelligence in business strategies. The rapidly changing and increasingly sophisticated threat landscape has increased the importance of intelligence on emerging threats, threat groups, and their tactics, techniques, and procedures, Arora says. Now perceived as a highly technical component of SecOps, CTI has moved to the front and center of security strategy at a growing number of organizations.

“If you speak to any seasoned CTO, CISO, or chief executive, there’s always concern about how they can make the right decisions” around what assets to protect, how, and against whom, Arora says. “Over the last 10 to 15 years, I think there has been much greater awareness with regard to how threat intelligence can sit at the center of day-to-day decision making for the business, whether that’s managing risk, safeguarding assets, or using external intelligence to help guide business decisions.”

Analyst firm IT-Harvest, which maintains a dashboard tracking the performance of more than 4,050 cybersecurity vendors globally, counts 123 vendors as currently engaged in the cyber threat intelligence space. Of that number, 63 have experienced headcount growth this year. Mastercard’s recent acquisition underscores the value these vendors can bring to enterprise security strategies, says Richard Stiennon, chief research analyst at IT-Harvest.

“I think the acquisition is good for the 122 other threat intelligence vendors whose prospects will improve in the eyes of investors,” Stiennon says.

The $2.65 billion that Mastercard has agreed to pay for Recorded Future is roughly 6.5 times the latter’s annual revenue run rate. While that valuation is less than the 10-times valuations that cybersecurity firms garnered back in 2021 and 2022, it still is a healthy number, Stiennon says.

Many of the organizations that deliver CTI services, such as Recorded Future, Group-IB, Flashpoint, and Digital Shadows, are what might be regarded as pure-play vendors in the space. Others, such as Mandiant, CrowdStrike, Kaspersky, IBM X-Force, Cisco Talos, and Palo Alto Networks, deliver threat intelligence as part of a broader portfolio of security services. All these vendors use a combination of open source intelligence (OSINT) and information from proprietary sources to deliver their CTI feeds.

“The acquisition validates the widespread, growing recognition that threat intelligence is no longer a complement to an organization’s security posture,” says Josh Lefkowitz, founder and CEO of Flashpoint. Organizations and government agencies are using threat intelligence to combat ransomware, protect data, lock down supply chains, prioritize critical vulnerabilities, and protect their people and assets.

“I’m constantly speaking with security leaders at organizations that consider these applications of threat intelligence critical to their daily operations,” Lefkowitz notes.

He adds that Mastercard’s Recorded Future purchase is bringing attention at the board level to the business criticality of CTI.

Source: www.darkreading.com