A recent Ponemon Institute report, sponsored by Anomali, titled “The Value of Threat Intelligence,” addressed how organizations use threat information. The study looked at the benefits of this technology and the challenges of integrating it with existing security platforms and solutions.
The study suggested that companies value threat intelligence highly, since 77 percent of respondents described it as essential to their organization’s overall security mission. Virtually the same number (78 percent) indicated that a strong cybersecurity posture is a top concern, and another 57 percent noted that it would drive IT decision-making. Only 46 percent of respondents, however, said their IT teams used threat data to decide how to respond to threats.
Additionally, 70 percent of survey participants said their organization struggle to take action based on threat intelligence because the volume is overwhelming or too complex. Just 32 percent said their company’s IT professionals refer to this kind of data to inform senior executives about cyberthreats.
Threat Analysts Wanted
The objective of threat intelligence is to identify things that are out of place or not routinely encountered. That may mean shifting focus to a security strategy that depends on the specific area being investigated, which could require hiring a threat analyst. Indeed, 52 percent of respondents to the Ponemon survey said their companies would need a qualified threat analyst to separate the noise from actionable data.
“There’s too much data to really make sense of if you have a limited resource staff of security operations center analysts or threat analysts,” Travis Farral, the director of security strategy at Anomali, told CSO Online. “It can be overwhelming to sit and figure out which of these 100,000 things to look at first.”
Maximizing Threat Intelligence
Effective threat intelligence requires a solid solution. According to the survey, 79 percent of respondents considered a reliable platform necessary to maximize this data, and another 70 percent of platform users said it helped to pinpoint and prioritize incidents of compromise.
While it may be difficult to integrate threat intelligence into extant business systems, it can also provide information that can’t be found through other means.