February 12, 2018 By Douglas Bonderud 2 min read

There’s real value in threat intelligence. After all, what company doesn’t want actionable, reliable data about emerging threats?

It’s no surprise, then, that the “SANS 2018 Cyber Threat Intelligence Survey” found that 81 percent of businesses now leverage threat intelligence programs. But the work isn’t over — while relevant, these programs still have plenty of room for improvement.

Threat Intelligence Adoption On the Rise

As noted by Infosecurity Magazine, threat intelligence has been gaining ground over the last few years. Just 64 percent of organizations used them in 2016, compared to over 80 percent this year. In addition, 68 percent of organizations are now “creating or consuming data around the latest cybersecurity campaigns,” suggesting that companies are leveraging threat intelligence to anticipate and adapt to emerging attack vectors.

Threat detection remains the most sought-after benefit, with 79 percent of respondents emphasizing this capability in their programs. Incident response (71 percent), blocking threats (70 percent) and threat hunting (62 percent) round out the top four.

There’s also a move toward more public sharing of critical threat data. Switzerland recently rolled out its Threat Intelligence Sharing Group, which aims to “achieve a greater understanding of the entire cybersecurity environment” by empowering threat sharing and collaboration among Swiss enterprises, according to a press release.

Room For Improvement

There are still some barriers to implementation. As noted by Help Net Security, many firms remain “dissatisfied” with the quality and accuracy of their threat intelligence. And while there’s an uptick in security information sharing — 84 percent of businesses said they were taking part — most sharing takes an informal approach rather than following structured guidelines, limiting the overall efficacy of threat intelligence.

Security professionals’ biggest concern is the lack of timely information. Over the past three years, this issue has owned the top spot with more than a 20 percent margin over the next-biggest problem: information that’s too complex to ensure ease and speed of use. However, there is hope, since artificial intelligence (AI) integrated into security solutions can assist teams in sorting through complex information and pulling key insights.

The Growing Value of Threat Intelligence Programs

More companies are using threat intelligence, and they’re seeing significant value, but there’s room for improvement. Real-time results and complexity are stumbling blocks while the lack of formal sharing practices limits the impact of threat data.

The good news is that increased adoption drives a growing marketplace, making room for specialization and niche services, which are critical for the development of innovative threat intelligence approaches. For enterprises, this means that threat intelligence solutions have matured enough to take their place as staples of security environments.

But the work isn’t over: Timely insights, straightforward reporting and formal sharing practices must evolve to meet the lofty expectations of the security industry at large.


More from

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

IBM identifies zero-day vulnerability in Zyxel NAS devices

12 min read - While investigating CVE-2023-27992, a vulnerability affecting Zyxel network-attached storage (NAS) devices, the IBM X-Force uncovered two new flaws, which when used together, allow for pre-authenticated remote code execution. Zyxel NAS devices are typically used by consumers as cloud storage devices for homes or small to medium-sized businesses. When used together, the flaws X-Force discovered allow a remote attacker to execute arbitrary code on the device with superuser permissions and without requiring any credentials. This results in complete control over the…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today