January 23, 2020 By Parag Pathak 3 min read

Threat management, or cyber threat management, is a framework often used by cybersecurity professionals to manage the life cycle of a threat in an effort to identify and respond to it with speed and accuracy. The foundation of threat management is a seamless integration between people, process and technology to stay ahead of threats.

Read the Threat Management eBook

Why Is Threat Management Important?

According to the 2019 Cost of a Data Breach Report, organizations can save on average $1.2 million when breaches are detected sooner. With the constant increase in the number of threats and the complexity of the attacks, organizations are struggling to keep up. Threat management is important to organizations now more than ever as it increases the collaboration between people, process and technology, giving organizations the best chance to detect threats sooner and respond more quickly.

Organizations that successfully adopt and implement the threat management framework often benefit from:

  • Lower risk with faster threat detection, consistent investigations and faster response
  • Continuous improvement through built-in process measurement and reporting
  • Increased security team skills, effectiveness and morale

3 Common Threat Management Challenges

Why is it so hard to protect against advanced persistent threats and insider threats? When we speak to security leaders across the industry, three common challenges always come up:

1. Lack of Visibility

Security teams do not have complete visibility of their entire threat landscape with relevant context, including internal (HR, users, databases, cloud) and external data (social media, OSINT, threat intel, dark web, etc.) sources. This is often caused by the silos that exist between security teams, lack of integration between point solutions, and undefined or inconsistent processes across the organization. According to IBM estimates, enterprises use as many as 80 different security products from 40 vendors.

2. Lack of Insights and Out-of-the-Box Reporting

Security teams do not have insights into which KPIs they should be tracking and how to get the actual metrics (e.g. ROI, MTTD, MTTR). There is also no easy way to create reports to show progress against maturity standards and compliance due to a lack of integrations between their point solutions. Additionally, if different security teams are measured against different KPIs, it often becomes difficult to align them on a common goal for the organization. According to various analyst research and what we hear from our prospects at IBM, the complexity of the IT environment ranks among the biggest security challenges they face.

3. Skill Shortage and Staff Burnout

Due to a skill shortage in the market and analyst burnout, security leaders are having a difficult time hiring qualified talent and keeping the current staff motivated. It is also difficult to find additional staff budget, and security leaders have to find creative ways to “borrow” talent from other cross-functional units such as customer support, technical sales, etc. and then train them to be effective in the field.

Best Practices for Effective Threat Management

To succeed and grow rapidly, an organization needs to unite defenses and response to stop threats faster and more efficiently. Effective threat management is achieved when the following framework is applied:

  • Insight: Insight into current threat operations with global services that can be tailored locally to meet the unique needs of an organization.
  • Visibility: Visibility into the threat landscape, inside and out, with services to test cyber resiliency and technology that can integrate security and non-security data sources.
  • Detection: Detection of the most critical threats to an organization through integrations of AI, threat intelligence and attack models derived from years of experience securing top Fortune 500 companies.
  • Investigation: Investigation assisted by AI and advanced analytics across structured and unstructured data sources along with multiple degrees of separation correlation capabilities.
  • Response: Response that delivers automated actions against the most common threats and dynamic business-wide playbooks that offer orchestration across people, processes and technologies.

As organizations continue to struggle with increasingly frequent and complex attacks, it is essential for them to unite people, process and technology to stop threats faster and more efficiently. Threat management provides a great framework to deliver insights into the threat landscape, help organizations detect threats faster, investigate intelligently with AI and advanced analytics, and remediate rapidly with orchestration and automation.

Finally, it is essential to recognize that the threat management approach is beneficial to organizations of all sizes — SMBs to enterprises. Depending on the size of your organization, you may decide to implement a self-service platform or a white glove end-to-end threat management service.

Learn how IBM Security Threat Management Solutions can help

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today