November 1, 2016

Threat Intelligence Overload: Ponemon Report Says 70% of Organizations Swamped by Cyberthreat Data

Critical Threat Information Frequently Withheld from Board and C-Level Leadership

REDWOOD CITY, CA – November 1, 2016Anomali, provider of market-leading threat intelligence platforms, today announced the results of a Ponemon Institute study revealing that 70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights. The report also showed that organizations neglect to share essential threat data with board members and C-level executives, despite the fact that security is now a business priority. On average, only 31 percent of these key stakeholders receive information that can be used to inform them about critical security and risk issues they face today. Anomali partnered with Ponemon to conduct the survey of 1,072 respondents in the United Kingdom and North America to identify how organizations prioritize threat intelligence.

“The Value of Threat Intelligence: A Study of North American and United Kingdom Companies” also found that security teams within organizations are not optimized to deliver on threat intelligence. Less than half (46 percent) of those polled say incident responders use threat data when deciding how to respond to malicious activity, which leaves numerous vulnerabilities undiscovered. Almost a third (73 percent) of respondents admit they aren’t using threat data very effectively to pinpoint cyberthreats.

The top reasons for ineffectiveness include:

  • Lack of staff expertise (69 percent of respondents)
  • Lack of ownership (58 percent of respondents)
  • Lack of suitable technologies (52 percent of respondents)

“Too much data that is not delivered in the right way can be just as bad as not enough. This is the situation that many companies find themselves in. We call it threat overload,” said Hugh Njemanze, CEO of Anomali. “The number of threat indicators is skyrocketing and organizations simply cannot cope with the volume of threat intelligence data coming their way. It’s clear that what businesses need is a system that pinpoints the threats they must take notice of and that gives them actionable and relevant insights.”

The inadequacy of organizations’ processes and reporting techniques creates additional challenges for prioritizing threat data. Fifty-six percent of respondents say their companies do not use standardized communication protocols and if they do, it is most likely in the form of difficult-to-understand, unstructured PDFs or CSVs (59 percent). Fifty-three percent say the process of prioritizing malicious activity data within a threat intelligence platform is very difficult.

To add to these issues further, the report also found:

  • 52 percent of respondents believe their companies need a qualified threat analyst to maximize the value of threat intelligence
  • 43 percent of respondents say the data isn’t used to drive decision making within their organization’s security operations center
  • 49 percent say their IT security team doesn’t receive or read threat intelligence reports

“Every industry knows that threat intelligence is a key component of any effective defense strategy and, as this survey points out, it has become too overwhelming to deal with,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Security providers do a great job of gathering and storing data. Now, they need to simplify it and make it actionable so that security teams and top executives can make decisions that protect their businesses from surging attacks.”

Threat Intelligence is a Priority

According to the report, 78 percent of respondents rate the importance of threat intelligence in achieving a strong cybersecurity posture as very high. Two-thirds of organizations either have or are planning to deploy a threat intelligence platform and 70 percent are seeking to improve threat intelligence efficiency in the future. Both findings show that the industry is taking note of always-increasing numbers of data breaches and that it recognizes the value of an early warning system.

“With the growing threats to organizations posed by cybercriminals, it is clear there is a need to help businesses cut through the noise of data to find the threat intelligence that is relevant and actionable. User-intuitive platforms that disseminate the influx of information are essential, as well as having clearly defined roles and responsibilities among staff. We all know that the bad guys analyze intelligence on how to break into networks — it’s now time for enterprises and other organizations that are being attacked to analyze intelligence on adversaries. With a real-time view, security professionals need to know who the attackers are, where they live and what techniques they typically use to stay ahead,” continued Njemanze.

To download a copy of the report, “The Value of Threat Intelligence: A Study of North American and United Kingdom Companies,” please visit: http://bit.ly/2f1XTeI

Additional announcements Anomali made today include:

  • Anomali Appoints Former ExxonMobil Threat Intelligence Expert to Drive Security Strategy: http://bit.ly/2eNrk3J
  • Demand for Anomali Threat Intelligence Platforms Drives Record Customer Growth: http://bit.ly/2eUL2rJ

Learn more about Anomali products: https://www.anomali.com/product
Follow us on Twitter: @Anomali
Follow us on LinkedIn

About Anomali

Anomali delivers earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred. Headquartered in Redwood City, Calif., the company is privately held and has received venture capital backing from General Catalyst Partners, GV, Institutional Venture Partners, and Paladin Capital Group, as well as individual investors. To learn more, visit www.anomali.com and follow us on Twitter: @anomali.

Press Contact

Nicole Pitaro
Bhava Communications for Anomali
(630) 532-8879
anomali@bhavacom.com