Global Threat Intelligence
The world's most authoritative annual cybersecurity intelligence reports — synthesizing millions of data points into the intelligence your team needs to defend effectively.
M-Trends Report
Mandiant (Google Cloud)
The M-Trends Report is arguably the gold standard of incident response intelligence. Published annually by Mandiant (now part of Google Cloud), it draws from thousands of real-world breach investigations to reveal trends in dwell time, attacker TTPs, and industry-specific targeting. M-Trends data is widely considered the most operationally grounded threat intelligence available.
Microsoft Digital Defense Report
Microsoft Security
Microsoft's annual Digital Defense Report is unparalleled in breadth — it synthesizes threat intelligence from billions of signals across Azure, Microsoft 365, and Windows telemetry. It offers sweeping insights into nation-state operations, ransomware ecosystem evolution, supply chain intrusions, and the cybercriminal economy, backed by Microsoft's unmatched visibility into global network traffic.
CrowdStrike Global Threat Report
CrowdStrike
CrowdStrike's Global Threat Report is famous for its adversary-centric intelligence model, tracking named threat actors with precision. It introduces concepts like 'breakout time' — the speed at which attackers move laterally post-compromise — providing defenders with specific, measurable benchmarks. Widely used by red teams and threat intel analysts to understand adversary tradecraft at a granular level.
IBM X-Force Threat Intelligence Index
IBM Security
The IBM X-Force Threat Intelligence Index compiles observations from IBM's global incident response team, managed security services, and dark web monitoring. It provides actionable insight into the top infection vectors, malware families, and industries most frequently targeted. It is particularly strong on analyzing how initial access techniques evolve and how cybercrime tooling becomes commoditized.
Verizon Data Breach Investigations Report (DBIR)
Verizon
The Verizon DBIR is the most data-driven breach analysis report in existence, analyzing thousands of real breaches and security incidents annually. Its statistical rigor and industry-neutral perspective make it uniquely authoritative. DBIR introduced the '95/5 rule', and its analysis of breach patterns by industry vertical has shaped risk quantification methodologies across the entire security field.
Unit 42 Global Threat Report
Palo Alto Networks
Unit 42's threat research combines Palo Alto Networks' vast network visibility with deep adversary research. The report is especially strong on cloud attack surface analysis, ransomware group evolution, and threat actor profiling. Unit 42 researchers are frequently the first to publicly attribute major ransomware campaigns and publish detailed Indicators of Compromise.
Cisco Talos Year in Review
Cisco Talos
Cisco Talos is one of the world's largest commercial threat intelligence research organizations. Their Year in Review synthesizes analysis of malicious traffic flows, email-based threats, and vulnerability exploitation observed across Cisco's global network infrastructure. Talos is renowned for its rapid CVE analysis and its discovery of critical infrastructure malware including VPNFilter.
ENISA Threat Landscape Report
EU Cybersecurity Agency
The ENISA ETL is the official threat landscape report of the European Union's cybersecurity agency. It maps the top threats affecting EU member states and critical sectors, covering ransomware, supply chain attacks, state-sponsored espionage, and emerging threats to OT/ICS systems. Invaluable for understanding geopolitical cyber threats targeting European infrastructure and GDPR-adjacent cybersecurity obligations.
Sophos Active Adversary Report
Sophos
Sophos's Active Adversary Report focuses on the behaviors of attackers once they're inside a network — dwell time statistics, commonly abused legitimate tools (LOLBins), and how attackers evade detection during live intrusions. It's a practitioner's report built from Sophos's incident response caseload, making it highly tactical and applicable to endpoint defense and threat hunting programs.
Secureworks Threat Intelligence Report
Secureworks Counter Threat Unit
Secureworks' Counter Threat Unit (CTU) publishes detailed threat intelligence research on cybercriminal groups, state-sponsored actors, and emerging attack techniques. Their reports are characterized by deep attribution analysis and are highly regarded within the threat intelligence community for naming and tracking threat groups with supporting evidence. CTU research frequently feeds into government-level threat briefings.
