January 23, 2020 By Parag Pathak 3 min read

Threat management, or cyber threat management, is a framework often used by cybersecurity professionals to manage the life cycle of a threat in an effort to identify and respond to it with speed and accuracy. The foundation of threat management is a seamless integration between people, process and technology to stay ahead of threats.

Read the Threat Management eBook

Why Is Threat Management Important?

According to the 2019 Cost of a Data Breach Report, organizations can save on average $1.2 million when breaches are detected sooner. With the constant increase in the number of threats and the complexity of the attacks, organizations are struggling to keep up. Threat management is important to organizations now more than ever as it increases the collaboration between people, process and technology, giving organizations the best chance to detect threats sooner and respond more quickly.

Organizations that successfully adopt and implement the threat management framework often benefit from:

  • Lower risk with faster threat detection, consistent investigations and faster response
  • Continuous improvement through built-in process measurement and reporting
  • Increased security team skills, effectiveness and morale

3 Common Threat Management Challenges

Why is it so hard to protect against advanced persistent threats and insider threats? When we speak to security leaders across the industry, three common challenges always come up:

1. Lack of Visibility

Security teams do not have complete visibility of their entire threat landscape with relevant context, including internal (HR, users, databases, cloud) and external data (social media, OSINT, threat intel, dark web, etc.) sources. This is often caused by the silos that exist between security teams, lack of integration between point solutions, and undefined or inconsistent processes across the organization. According to IBM estimates, enterprises use as many as 80 different security products from 40 vendors.

2. Lack of Insights and Out-of-the-Box Reporting

Security teams do not have insights into which KPIs they should be tracking and how to get the actual metrics (e.g. ROI, MTTD, MTTR). There is also no easy way to create reports to show progress against maturity standards and compliance due to a lack of integrations between their point solutions. Additionally, if different security teams are measured against different KPIs, it often becomes difficult to align them on a common goal for the organization. According to various analyst research and what we hear from our prospects at IBM, the complexity of the IT environment ranks among the biggest security challenges they face.

3. Skill Shortage and Staff Burnout

Due to a skill shortage in the market and analyst burnout, security leaders are having a difficult time hiring qualified talent and keeping the current staff motivated. It is also difficult to find additional staff budget, and security leaders have to find creative ways to “borrow” talent from other cross-functional units such as customer support, technical sales, etc. and then train them to be effective in the field.

Best Practices for Effective Threat Management

To succeed and grow rapidly, an organization needs to unite defenses and response to stop threats faster and more efficiently. Effective threat management is achieved when the following framework is applied:

  • Insight: Insight into current threat operations with global services that can be tailored locally to meet the unique needs of an organization.
  • Visibility: Visibility into the threat landscape, inside and out, with services to test cyber resiliency and technology that can integrate security and non-security data sources.
  • Detection: Detection of the most critical threats to an organization through integrations of AI, threat intelligence and attack models derived from years of experience securing top Fortune 500 companies.
  • Investigation: Investigation assisted by AI and advanced analytics across structured and unstructured data sources along with multiple degrees of separation correlation capabilities.
  • Response: Response that delivers automated actions against the most common threats and dynamic business-wide playbooks that offer orchestration across people, processes and technologies.

As organizations continue to struggle with increasingly frequent and complex attacks, it is essential for them to unite people, process and technology to stop threats faster and more efficiently. Threat management provides a great framework to deliver insights into the threat landscape, help organizations detect threats faster, investigate intelligently with AI and advanced analytics, and remediate rapidly with orchestration and automation.

Finally, it is essential to recognize that the threat management approach is beneficial to organizations of all sizes — SMBs to enterprises. Depending on the size of your organization, you may decide to implement a self-service platform or a white glove end-to-end threat management service.

Learn how IBM Security Threat Management Solutions can help

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today