There’s real value in threat intelligence. After all, what company doesn’t want actionable, reliable data about emerging threats?

It’s no surprise, then, that the “SANS 2018 Cyber Threat Intelligence Survey” found that 81 percent of businesses now leverage threat intelligence programs. But the work isn’t over — while relevant, these programs still have plenty of room for improvement.

Threat Intelligence Adoption On the Rise

As noted by Infosecurity Magazine, threat intelligence has been gaining ground over the last few years. Just 64 percent of organizations used them in 2016, compared to over 80 percent this year. In addition, 68 percent of organizations are now “creating or consuming data around the latest cybersecurity campaigns,” suggesting that companies are leveraging threat intelligence to anticipate and adapt to emerging attack vectors.

Threat detection remains the most sought-after benefit, with 79 percent of respondents emphasizing this capability in their programs. Incident response (71 percent), blocking threats (70 percent) and threat hunting (62 percent) round out the top four.

There’s also a move toward more public sharing of critical threat data. Switzerland recently rolled out its Threat Intelligence Sharing Group, which aims to “achieve a greater understanding of the entire cybersecurity environment” by empowering threat sharing and collaboration among Swiss enterprises, according to a press release.

Room For Improvement

There are still some barriers to implementation. As noted by Help Net Security, many firms remain “dissatisfied” with the quality and accuracy of their threat intelligence. And while there’s an uptick in security information sharing — 84 percent of businesses said they were taking part — most sharing takes an informal approach rather than following structured guidelines, limiting the overall efficacy of threat intelligence.

Security professionals’ biggest concern is the lack of timely information. Over the past three years, this issue has owned the top spot with more than a 20 percent margin over the next-biggest problem: information that’s too complex to ensure ease and speed of use. However, there is hope, since artificial intelligence (AI) integrated into security solutions can assist teams in sorting through complex information and pulling key insights.

The Growing Value of Threat Intelligence Programs

More companies are using threat intelligence, and they’re seeing significant value, but there’s room for improvement. Real-time results and complexity are stumbling blocks while the lack of formal sharing practices limits the impact of threat data.

The good news is that increased adoption drives a growing marketplace, making room for specialization and niche services, which are critical for the development of innovative threat intelligence approaches. For enterprises, this means that threat intelligence solutions have matured enough to take their place as staples of security environments.

But the work isn’t over: Timely insights, straightforward reporting and formal sharing practices must evolve to meet the lofty expectations of the security industry at large.


More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…