How to Select a Risk Intelligence Alert Provider – Five Key Questions to Ask

As continued risks emerge from known and unknown areas, corporate security teams are attempting to manage a wide range of critical events. There is an abundance of third-party risk intelligence providers available for corporations to choose from to provide the intelligence they need. Here are some tips and questions to ask when thinking about and evaluating what your corporate security team needs to run your intelligence program successfully:

Covered Geographies.
Where is your team managing risk?

If it is North America only, then focus on groups that have a breadth of experience in North America. For certain regions of the world, such as Israel, there are specific groups that source intelligence with expert capabilities. To cover multiple regions worldwide, organizations usually choose multiple intelligence alert providers to support their covered geographies.

Local vs National.
What is the depth of intelligence required to support your group’s intelligence function?

Risk intelligence feeds are available for local, smaller events as well as the largest and most significant events on a national or global level. When local feeds are provisioned, the quantity of alerts usually rises exponentially. It is important to understand the scope of the team's mandate and the importance of monitoring risk on a hyper-local level versus a national level to strike the right balance for your team.

Intelligence Analyst Vetted vs Raw Feed.
Have alert notifications been vetted by an in-house intelligence analyst at your vendor’s location or do they send raw alerts that are computer generated only?

Fundamentally, alert providers fall into these two distinct buckets, and it is important to understand what you’re buying. Some corporate security teams are smaller, and pre-vetted alerts help enhance productivity. Other teams are larger and prefer to ingest and analyze raw risk notifications themselves; they are set up to handle large quantities of open-source intelligence. Knowing the structure and size of your team is critical in determining whether you want raw intelligence feeds or curated feeds that have already been verified. Additionally, in-house vetted alerts tend to be delivered more slowly from the vendor to the corporate security team. If speed is paramount, then the raw feeds will deliver more timely alert notifications.

Social Media Sourcing.
Where do you get the data for your alerts?

It is often said that “Social Media is faster than the news” or even “Social Media is the news.” This is true, and we see breaking news events hit social media first. A key question to ask your risk notification vendor is whether they have firehose data access to leading social media sources such as Twitter, Instagram, Snapchat, and others. A firehose will yield the fastest access to the data underlying the alert. Some risk notification providers have access to certain social media sources but not others; it is important to understand the landscape so that your organization doesn’t miss a timely notification of a risk that might evolve into a critical event for your organization.

API Access.
Does your alert provider grant you use of their API for free as part of your contract with them?

Your alert provider will usually deliver your alerts by email. This can flood your inbox, and we’ve learned that teams miss alerts that are critical events. This impacts critical response time. To avoid missteps, companies have begun adopting a Common Operating Picture (“COP”) platform to ingest all of their alerts, regardless of source. Everbridge’s Visual Command Center (VCC) and the TopoONE platform are examples of COPs that have been adopted by corporations to address these problems. To make your data available in these platforms, an API is needed. Make sure your alert provider includes access to their API in your contract with them so that you can ingest your alerts into your COP without undue cost or hassle. Most alert providers readily include API access, but not all. Many alert providers that are available to corporations attempt to charge significant extra fees for API access that often surprise organizations. Modern software companies readily make their data available to other platforms without undue extra cost or burdens to the organization.

The team will help you navigate the above questions to choose the right mix of intelligence alert providers to meet your program’s needs. We have a wealth of experience working with all the major intelligence alert vendors. The great news for corporate security teams is that many options can meet your needs, all of which can seamlessly integrate into your COP.

For more information or if you would like assistance, please contact us at