February 28, 2019

Anomali Publishes the Third Annual Ponemon Report—Finding Organizations Rapidly Embracing Cyber Threat Intelligence to Combat Growing Security Threats

Threat detection effectiveness gap remains as security teams struggle with attack volumes

February 28, 2019 – Redwood City, CA – Anomali published today the third annual report on the cyber threat intelligence sector in partnership with the Ponemon Institute. The report reveals continued widespread adoption of threat intelligence with 79% of North American respondents indicating they now leverage intelligence in security programs. Despite this rapid adoption, the level of effectiveness still lags, with only 41% of respondents claiming to be effective with their intelligence programs.

The report, “The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies” surveyed over 1,000 IT and security practitioners to evaluated threat intelligence usage, benefits and challenges. The survey found:

  • 85% rate threat intelligence highly important to security operations
  • While Phishing attacks are most worrisome for 25% of respondents, they are most time consuming for nearly twice as many respondents (45%)
  • Data volumes continue to strain detection capabilities: too much internal traffic, too many threat indicators to track, too many false positives, lack of historical data to perform investigations

“For the third straight year we have seen threat intelligence consistently grow in use across the US and UK by enterprises,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “During this period, we’ve also seen rapid growth in attack frequency, and the need for security teams to improve detection capabilities. Threat intelligence offers the promise to identify attacks earlier and respond more effectively.”

The report examines in detail the barriers to more successful adoption of threat intelligence and provides recommendations for organizations looking to augment threat detection and response capabilities. The rise of Phishing attacks is taxing security teams, which are often understaffed, who must now analyze, investigate and respond to myriad threats daily—often at the expense of deeper investigation of more sophisticated and targeted attacks. This points to the need for greater automation and prioritization of serious threats.

“Threat intelligence offers security teams detectable ‘fingerprints’ of malicious actors. When properly leveraged, this intelligence can reveal serious attacks at their earliest stages,” said Dan Barahona, chief marketing officer at Anomali. “Our research with the Ponemon Institute confirms this value, while uncovering the challenges organizations face in fully operationalizing threat intelligence.”

A full report is available for download including detailed statistics on the effectiveness gap, eight best practices from top performing cyber threat intelligence organizations, and comprehensive statistics from this year’s report. Download the full report on the Anomali site –


About Anomali

Anomali® detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at www.anomali.com.