94% of respondents to an Enterprise Strategy Group (ESG) study believe it is highly or somewhat valuable to share threat intelligence information between federal agencies and other private organizations. However, only 37% of respondents’ organizations regularly share internally driven threat intelligence with other organizations or industry Information Sharing and Analysis Centers (ISACs).
When examining the study, Trevor Welsh, Sales Engineering Manager at ThreatStream, found one point that stood out. “48% of respondents to the question concerning the value of sharing between federal agencies and the private sector felt that this intelligence would only be “Somewhat Valuable”, or “Not very valuable” to their organization. I do not believe that the private sector thinks the public sector is bad at threat analysis. Instead, I believe this strongly brings to light the issue of relevance.”
“This is further underscored by the following question which seeks to determine how many respondents share internally-derived threat intelligence with outside organizations. Notice that >80% of respondents do so. This implies that organizations are deriving value from sharing threat intelligence, but probably within peer organizations. With this in mind, it would seem there is a great opportunity for organizations to better understand who their cohorts are. That is, other organizations whose business relies on similar intelligence, but are not obviously a peer organization. Think of the amount of great intelligence we are all not getting for lack of a great algorithm!” added Welsh.
Key findings include:
- 72% of participants responded that spending on their organization’s threat intelligence program will increase significantly or somewhat in the next 12 to 18 months.
- Participants responded that 72% of their organizations plan to collect and analyze significantly or somewhat more internal threat intelligence over the next 12 to 24 months; while 55% of their organizations plan to collect and analyze significantly or somewhat more external threat intelligence over the next 12 to 24 months.
- However, organizations face challenges with collecting and analyzing external threat intelligence. Some of the top challenges include: threat intelligence is collected and analyzed by different individuals/tools so it is difficult to get a holistic picture of internal and external threats (32%); organizations inadvertently block legitimate traffic as a result of a problem with threat intelligence collection/analysis (32%); threat intelligence collection and analysis workflow process and integration problems (31%); and threat intelligence isn’t always as timely or actionable as respondents need it to be (28%).
- 97% responded that standards are very important or somewhat important for their organizations to consume threat intelligence.
“There is clearly an understood value in leveraging threat data, but organizations are finding it difficult to collect, analyze and pinpoint critical threats,” said Jon Oltsik, ESG senior principal analyst. “According to our research, automation is needed for organizations to wade through the mass of alerts they receive, and standards are needed for the secure sharing of threat intelligence.”
“The idea around sharing threat intelligence among organizations is rapidly gaining traction,” said Anne Bonaparte, CEO of Vorstack. “To achieve this, organizations need a holistic picture of internal and external threats for the enterprise, and the ability to share threat intelligence among organizations in a manner that is secure, anonymous, non-attributed and standards based.
The study analyzed responses from more than 300 online surveys from IT and security professionals who are directly involved in the planning, implementation, and/or daily operations of their organization’s threat intelligence program, processes, or technologies. Participating organizations were North American based with more than 1,000 employees, spanning financial, business services, manufacturing and retail vertical markets.