70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights.
Perceptions about the integration of threat intelligence with security technologies
The Ponemon Institute study, based on 1,072 respondents in the United Kingdom and North America, also showed that organizations neglect to share essential threat data with board members and C-level executives, despite the fact that security is now a business priority. On average, only 31 percent of these key stakeholders receive information that can be used to inform them about critical security and risk issues they face today.
Security teams within organizations are not optimized to deliver on threat intelligence. Less than half (46 percent) of those polled say incident responders use threat data when deciding how to respond to malicious activity, which leaves numerous vulnerabilities undiscovered. Almost a third (73 percent) of respondents admit they aren’t using threat data very effectively to pinpoint cyberthreats.
The top reasons for ineffectiveness include:
- Lack of staff expertise (69 percent of respondents)
- Lack of ownership (58 percent of respondents)
- Lack of suitable technologies (52 percent of respondents).
“Too much data that is not delivered in the right way can be just as bad as not enough. This is the situation that many companies find themselves in. We call it threat overload,” said Hugh Njemanze, CEO of Anomali. “The number of threat indicators is skyrocketing and organizations simply cannot cope with the volume of threat intelligence data coming their way. It’s clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights.”
The inadequacy of organizations’ processes and reporting techniques creates additional challenges for prioritizing threat data. Fifty-six percent of respondents say their companies do not use standardized communication protocols and if they do, it is most likely in the form of difficult-to-understand, unstructured PDFs or CSVs (59 percent). Fifty-three percent say the process of prioritizing malicious activity data within a threat intelligence platform is very difficult.
To add to these issues further, the report also found:
- 52 percent of respondents believe their companies need a qualified threat analyst to maximize the value of threat intelligence
- 43 percent of respondents say the data isn’t used to drive decision making within their organization’s security operations center
- 49 percent say their IT security team doesn’t receive or read threat intelligence reports.
“Every industry knows that threat intelligence is a key component of any effective defense strategy and, as this survey points out, it has become too overwhelming to deal with,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks.”
What features are important to integration?
Threat intelligence is a priority
According to the report, 78 percent of respondents rate the importance of threat intelligence in achieving a strong cybersecurity posture as very high. Two-thirds of organizations either have or are planning to deploy a threat intelligence platform and 70 percent are seeking to improve threat intelligence efficiency in the future.
Both findings show that the industry is taking note of always-increasing numbers of data breaches and that it recognizes the value of an early warning system.
“With the growing threats to organizations posed by cybercriminals, it is clear there is a need to help businesses cut through the noise of data to find the threat intelligence that is relevant and actionable. User-intuitive platforms that disseminate the influx of information are essential, as well as having clearly defined roles and responsibilities among staff. We all know that the bad guys analyze intelligence on how to break into networks — it’s now time for enterprises and other organizations that are being attacked to analyze intelligence on adversaries. With a real-time view, security professionals need to know who the attackers are, where they live and what techniques they typically use to stay ahead,” continued Njemanze.