Organizations Continue to Struggle with Insufficient Expertise, Data Overload, Inadequate Threat Sharing
REDWOOD CITY, Calif. – September 14, 2017 – Anomali today released the findings of its second annual Ponemon Institute study, highlighting the increasing importance of threat intelligence in detection and mitigation of cybersecurity threats. Amidst growing concerns of large-scale cyber attacks, the survey found that 84 percent of organizations indicated threat intelligence is “essential to a strong security posture.” However, many organizations struggle with an overwhelming amount of threat data and lack of staff expertise, which diminish the effectiveness of their threat intelligence programs. Threat sharing remains a key priority for organizations, half of which report participating in sharing communities, but a majority of these organizations (60 percent) only receive community intelligence and do not contribute.
“The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies” surveyed over 1,000 IT and security practitioners to examine trends in the benefits and challenges of threat intelligence. The results uncovered year-over-year growth across several critical areas of threat intelligence usage, including increased adoption and effectiveness. Key findings include:
“It’s abundantly clear that organizations now understand the benefits provided by threat intelligence, but the overwhelming volume of threat data continues to pose a hurdle to truly effective adoption,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Threat intelligence programs are often challenging to implement, but when done right, they are a critical element in an organization’s security program. The significant growth in adoption over the past year is encouraging as it indicates widespread recognition of the value threat intelligence provides.”
The Ponemon report revealed that despite overall improvement in threat intelligence usage, threat data overload continues to plague organizations. Sixty-nine percent of respondents indicated that threat intelligence is too voluminous and complex to provide actionable intelligence. Other respondents cited difficulty in the integration of threat intelligence platforms with other security technologies and tools (64 percent), and a lack of alignment between analyst activities and operational security events (52 percent). Additionally, 71 percent of organizations fail to keep more than three months of historical event logs online, posing a significant challenge in identifying existing threats within the organization.
Other top reasons for threat intelligence ineffectiveness include:
“We all see the growing cybersecurity threats, with attacks routinely making the front page. Every day cyber researchers discover thousands of new threats. Organizations need rapid access to the latest threat intelligence to detect any malicious activity in their networks,” said Hugh Njemanze, CEO of Anomali. “In the face of unprecedented volumes of cyber threats, organizations must be able to quickly pinpoint active threats and mitigate them before material damage occurs. This requires a system that is able to prioritize threat data and turn it into actionable insights.”
External threat sharing also remains limited. Only 50 percent of respondents currently participate in industry-centric sharing initiatives such as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant intelligence, collaboration with peers and networking with other security teams. Of those organizations, the majority (60 percent) only receive threat intelligence through ISACs but do not contribute intelligence. The biggest hurdles to outbound intelligence sharing include a lack of expertise (54 percent) followed by fear of revealing a breach (45 percent).
In response to these challenges, many organizations have successfully identified a variety of resources and techniques to help maximize the effectiveness of their threat intelligence, including:
To download a copy of “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies,” and listen to a podcast interview with the report’s author, Larry Ponemon, please visit: www.anomali.com/ponemon
The Anomali suite of threat intelligence solutions empowers organizations to detect, investigate and respond to active cybersecurity threats. The award-winning ThreatStream threat intelligence platform aggregates and optimizes millions of threat indicators, creating a "cyber no-fly list." Anomali integrates with internal infrastructure to identify new attacks, or search forensically over the past year to discover existing breaches, and enables security teams to quickly understand and contain threats. Anomali also offers STAXX, a free tool to collect and share threat intelligence, and provides a free, out-of-the-box intelligence feed, Anomali Limo. To learn more, visit www.anomali.com and follow us on Twitter: @Anomali.
Bhava Communications for Anomali