Threat intelligence is a vital part of organizational security. It allows organizations to move from reactive to predictive cybersecurity. In simpler terms, while reactive cybersecurity investigates the reasons why the barn door was not bolted, which allowed the horse to escape the barn, a predictive or proactive approach warns that the door may be open or can be opened quickly. This allows the owners to check the barn door and ensure that the horse doesn’t exit the barn.
Why compare?
Now that we have established the importance of the Digital Threat Intelligence Management (DTIM) technology, let us further drill down for the best fit. There is no one-size-fits-all solution. Different vendors may provide different capabilities. It is up to the user to choose the product that is the best fit for their use cases. A matrix is a great way to judge all the products before settling upon the one that will be the best fit. A year-on-year comparison helps further refine the search by showing vendors that have kept pace with the technological trends, need improvement, or have regressed. We have already seen the comparison of the DTIM SPARK Matrix™ for 2023 and 2024. This is a comparison of the matrices of 24-25.
Here are the positions of all the vendors participating in the evaluations:
| Vendor | 2024 Position | 2025 Position | Likely Reason for Change |
| CrowdStrike | SPARK Leader | SPARK Leader | Continued market leadership, strong product evolution, customer satisfaction. |
| Trellix | SPARK Leader | SPARK Leader | Maintained innovation and integration post-McAfee FireEye merger; consistent impact. |
| Kaspersky | SPARK Leader | SPARK Leader | Sustained presence due to robust threat intel capabilities and strong international base. |
| ThreatQuotient | SPARK Leader | SPARK Leader | Retained leadership due to strong platform analytics and integrations. |
| Group-IB | SPARK Leader | SPARK Leader | Consistent performance in cybercrime monitoring and fraud prevention. |
| ZeroFox | SPARK Leader | SPARK Leader | Continued emphasis on digital risk protection and external threat intel. |
| Anomali | SPARK Leader | SPARK Leader | Maintained edge through threat intel platform enhancements and automation. |
| Not Present | SPARK Leader | New entrant; likely due to Chronicle and Mandiant integration showing results. | |
| Cyware | Lower Strong Contender | SPARK Leader | Strategic growth in automation-driven threat intel; platform enhancements. |
| Cogility | SPARK Leader (lower right edge) | SPARK Leader | Minor improvement; enhanced product delivery & integration possibly helped. |
| Cyberint | SPARK Leader (lower) | Strong Contender (Mid-tier) | Likely reduction in market impact or competitive differentiation. |
| Recorded Future | SPARK Leader | SPARK Leader | Shift possibly due to stiffer competition or slower pace of innovation. |
| IBM | Strong Contender (High) | Strong Contender (Top-right) | Maintained strong position; solid enterprise presence and AI-based threat detection. |
| Microsoft | Strong Contender (High) | Strong Contender (Top-right) | Held steady; wide adoption and integration into enterprise security ecosystems. |
| Flashpoint | Strong Contender (Upper) | Strong Contender (Upper) | Stable presence; focused on deep/dark web and physical-cyber intelligence. |
| ReliaQuest | SPARK Leader (Low-mid) | Strong Contender (Upper-mid) | Small decline; possibly overshadowed by newer entrants or broader competition. |
| Netcraft | SPARK Leader (Lower-mid) | Strong Contender (Lower-mid) | Similar position; focused, but possibly less broad platform than peers. |
| SecurityScorecard | Strong Contender (Upper-mid) | Strong Contender (Mid-tier) | Slight dip; market perception of innovation pace may have plateaued. |
| Rapid7 | Strong Contender (Upper-mid) | Strong Contender (Mid-tier) | Minimal change; strong analytics but limited differentiation in threat intel alone. |
| Intel 471 | Strong Contender (Mid-tier) | Strong Contender (Mid-low) | Position largely unchanged; still niche-focused in cybercrime intelligence. |
| CyberSixGill | Strong Contender (Lower) | Strong Contender (Lower-mid) | Improved slightly; deeper threat source tracking likely helped. |
| ThreatConnect | Strong Contender (Mid-tier) | Strong Contender (Lower-mid) | Minor drop; possibly due to slower innovation or platform overlap. |
| EclecticIQ | Strong Contender (Right-edge) | Strong Contender (Lower-left) | Slight decline; European niche player, less US traction. |
| Sekoia | Not Present | Strong Contender (Lower-left) | New entrant; likely regional or focused play gaining traction. |
| CybelAngel | Not Present | Aspirant (Lower-left) | New entrant; early stage or limited visibility outside niche. |
| Outpost 24 | Aspirant | Aspirant | Unchanged; possibly due to regional focus or narrow feature set. |
| ThreatBook | Aspirant | Aspirant | Still in aspirant; regional (China-based) player with limited global expansion. |
| Mandiant | SPARK Leader | Not Present | Possibly merged into Google/Chronicle post-acquisition; consolidated. |
| Centripetal | Aspirant | Not Present | Possibly dropped due to limited growth, visibility, or market traction. |
| Threater | Aspirant | Not Present | May have been acquired, rebranded, or failed to demonstrate competitive edge. |
Market overview:
One fact that is clear to the naked eye is that the expanded leader tier and active contenders indicate that the market is still maturing. The shrinking number of aspirants indicates that entry is becoming increasingly difficult.
A deeper dive:
Regarding leaders, the matrix shows significant shifts between 2024 and 2025. The 2024 leaders CrowdStrike, Trellix, Kaspersky, Group-IB, Anomali, ZeroFox, and ThreatQuotient remain dominant with their advanced threat intelligence solutions and strong customer adoption. The category expanded in 2025 to include Cyware and Google. This growth in the leader tier indicates that innovation and scalability are key to getting ahead.
The strong contender category remains a mix of established players and new entrants. The 2024 matrix featured vendors like Microsoft, IBM, and Rapid7, which held steady by leveraging their brand strength and customer bases. The 2025 matrix adds Sekoia and CybelAngel as fresh contenders, indicating disruptive entries with cloud-based and rebranded offerings, respectively. Stable performers like Microsoft and IBM maintain their positions through consistent delivery, though why they have held steady instead of moving upward remains a question mark.
The aspirant segment has shrunk in 2025. The 2024 matrix featured Mandiant, Centripetal, and CyberAngel. It has shrunk to Outpost24 and ThreatBook in 2025. Mandiant’s non-inclusion is probably owing to the company being a fully owned subsidiary of Google. The reasons for the non-inclusion of Threater and Centripetal are unclear.
Final word:
The DTIM market is a dynamic ecosystem where vendors need to have products with technological excellence and customer impact to achieve success. Vendors need to focus on innovation to lead the market or risk fading away.