Grey Logic

  • View

  • Download

Embed Size (px)





GreyLogicCyber Intelligence Market and Competitor Research13 November 2009

RequirementsWho are the potential customers for a weekly newsletter summarizing and analyzing trends in various cyber threats and for tailored intelligence briefings in the United States (US) and the European Union (EU)?Who are GreyLogics competitors and how deep is the market penetrated by them?What are the best practices among companies providing timely intelligence to private and government clients in the US and the EU?Competitors' services' pricing structure from a starting company to a mature business.What types of products and services do these companies provide?What is the companies' marketing strategy?

2AgendaKey FindingsCustomersGovernmentPrivate SectorAcademiaCompetitorsMarket PenetrationBest PracticesService PricingProducts and ServicesMarketing Strategies

3Key FindingsTop 12 Customers1. Cyber Security Management Center (CSMC) (US)2. Defense Information Systems Agency (DISA) (US)3. Department of Energy (DOE) (US)4. Department of State (US)5. United States Postal Service (USPS) (US)6. National Aeronautics and Space Administration (NASA) (US)7. Ebay (US)8. Western Union (US)9. Arsys (EU)10. Facebook (US)11. LiveJournal (US)12. Twitter (US)

4Key Findings The best markets for a weekly cyber intelligence brief are likely:Large US government agencies and secondly large private companies with,Cyber or national security missionsServices provided through ITEuropean market highly fragmentedDiversity numerous separate marketsBest markets within EU: UK and countries in Russias sphere of influence, such as Estonia and Poland

5The size of the company was identified to be an important factor becauseMore funding resources to utilize such servicesDesignated team/unit for cyber security and related topics and executive level to consume intelligence85 percent of small and medium businesses do not have a staff dedicated to IT security72 percent do not have formal internet security policiesNo staff, no time, no perceived need

GovernmentTop 5 potential customers were all governmentAccustomed intelligence consumerIs likely to have the executive level at which to consume intelligence, and designated team for IT security

Private businessesAre aware of their cyber security needs - mission is IT dependent: eBay, Facebook, Twitter

5Key Findings 51 Total OrganizationsGovernment : 17Private Sector: 23Academia: 11

United States: 35European Union: 16

Source: Created by analyst6Customers - Government9 out of 17 victims of cyber attack 7 out of those 9 were US government agencies14 out of 17 are high or moderately high-value targets Disruption would have symbolic, financial, political, or tactical consequences Critical Infrastructure and Key Resources (CIKR) sectors

7 9 out of 17 government agencies have been attacked CSMC (Dept. of Transportation), DISA, DOE, Dept. of State, USPS, NASA, FBI, Staff Department of Intelligence and Security, French Networks and Information Security Agency (FNISA) 7 of those 9 were US government 14 out of 17 government agencies are the highest value targets, all are US agencies CSMC, DISA, DOE, Dept. of State, USPS, FBI, HHS (high, 3 out of 3) NASA, FNISA, NTIA, Staff Department of Intelligence and Security, Federal Criminal Police Office, ITA, Netherlands Military Intelligence and Security (moderately high, 2 out of 3)

7Customers - Government 12 out of 17 have IT- or national security centric missions i.e. Cyber Security Management Center, Defense Information Systems Agency 9 out of 17 rely on private companies or Information Sharing and Analysis Centers (ISACs) for cyber security services

8 12 out of 17 government agencies have IT- or national security-centric missionsCSMC, DISA, DOE, Dept. of State, FBI, FNISA, NTIA, Staff Department of Intelligence and Security, Netherlands Military Intelligence and Security, UK Cyber Security Operations Center, Brigade of Technological Research, European Network and Information Security Agency (ENSIA) 9 out of 17 government agencies rely on private companies or ISACs for cyber security services CSMC, DISA, DOE, Dept. of State, USPS, NASA, HHS, NTIA, ITA

8Customers - GovernmentTop Five Government CustomersCyber Security Management Center (CSMC)Defense Information Systems Agency (DISA)Department of Energy (DOE)Department of State (DOS)United States Postal Service (USPS)

9Department of StateContact Information:Susan Swart, Chief Information Officer, Phone: 202-647-2889Charles D. Wisecarver, Deputy Chief Information Officer, 202-647-2863Robert K. Nowak, Director of IT Infrastructure, 202-647-1001John Streufert, Director of Information Assurance, 703-812-2500Cheryl Hess, Director of Information Security Programs for the Bureau of Diplomatic Security, 571-345-3080

Organizational structure of Dept. of State contact persons. Source: Created by analyst10Because the State Department is so large, there are multiple individuals that have IT security roles. Their places in the overall structure of the State Department are shown in the chart. 10Department of EnergyContact Information:Patrick FerraroDirector of the Office of Headquarters Procurement ServicesPhone: 202-287-1500Fax: 202-287-1451Email:

Roadrunner, the world's most powerful supercomputer, is located at DOEs Los Alamos National Laboratory. Source: Department of Energy11Customers - BusinessPrivate sector customers 45 percent (23 of 51) of all identified customers

Large companies that recognize the importance of IT to their mission, like eBay, Facebook, and Twitter are likely to invest in cyber threat prevention

12Customers - BusinessTop six private sector customersWestern UnionArsysEbayFacebookLiveJournalTwitter

13Customers - AcademiaVerified by the NSACylab, Tallinn University of Technology, Georgia Tech, Indiana University and Mississippi State

Grants to conduct research are the most likely to purchase cyber security intelligence

It is likely the NSA will acknowledge more academic institutions in the future29 acknowledged in 2009

14The academia is likely the smallest and most specialized market for a weekly intelligence newsletter due to being limited to universities and colleges verified by the NSA such as CyLab at Carnegie Mellon, Tallinn University of Technology, Georgia Tech Information Security Center, Center for Applied Cybersecurity Research at Indiana University and the Center for Computer Security and Research at Mississippi State UniversityAcademic institutions verified by the National Security Agency (NSA) Center of Academic Excellence are the most likely to purchase cyber security intelligence briefings due to the fact these schools receive formal acknowledgment from the United States (US) Government who provide funding for research and scholarships to students who attend the listed centers. Each center must go through stringent judging criteria to be put on the list. Many of the schools are located near a Department of Defense or other federal agency so that each center may assist the United States Government on information assurance security matters.

Grants-Georgia Tech and Indiana University likely the best customers because they have received a research grants such as National Leadership Grant library repository and a government stimulus health care privatization and/or maintain their own lab for cyber related research and projects.

Academia is the smallest, to the extent of being a non-existent market for cyber intelligence within the EU. This primarily due diversity, which in the government and private sectors provide more opportunities, while academia suffers from lack of concentrated effort and funding similar to NSA's sponsorship in the US. it is likely the NSA will acknowledge more academic institutions who meet the NSA criteria who will be in need of cyber threat intelligence briefings. Within the past year, 29 institutions were awarded the NSA seal of approval in their academic programs.

14Customers - AcademiaTop five customers in academiaCyLab at Carnegie Mellon University (US)Tallinn University of Technology in (EU)Georgia Tech Information Security Center (US)Center for Applied Cybersecurity Research (CACR) at Indiana University (US)Center for Computer Security and Research (CCSR) at Mississippi State (US)


1620 competitors identifiedNo direct competitorsClosest competitorsiDefense Labs (US)iSIGHT Partners (US)SecureWorks (US)More demand for cyber security than intelligence12 out of 18 US competitors were located in Washington, DCKey Findings: Only few direct competitors due to GreyLogics specialization in cyber intelligence and not cyber security Cyber intelligence is likely hard to sell to private businesses as an independent product as our research indicates that the sector has higher demand of cyber security services that directly address companies needs


Identified CompetitorsCyber Defense Agency (CDA) (US)Cyber Security Research and Development Center (US)Cyveillance (US)Dancho Danchev (EU)Department of Homeland Security US-CERT(US)Ernst & Young (EU)EWA Information and Infrastructure Technologies, Inc. (US)Fortify (US)Global Security Mag (EU)iDefense Labs (US)iJET Intelligent Risk Systems (US)Informatica (US)IT Information Sharing and Analysis Center (US)iSIGHT Partners (US)Lookingglass (US)Multi-State Information Sharing Analysis Center (US)nCircle (US)SecureWorks (US)Trend Micro (US)United States Cyber Consequence Unit (US)1717Market Penetration

United StatesGovernment market highly penetratedPrivate sector emerging market with fast growthPrivate sector comprises of 85 percent of the nations cyber infrastructureIncrease in cyber attacks, especially against businesses larger finan