Cyber ​​Threat Intelligence is growing out of its infancy

top cybersecurity companies

Cyber ​​Threat Intelligence (CTI) is evolving gradually. However, there is still some catching up to do in terms of automation and measurability.

Cyber ​​Threat Intelligence (CTI), i.e. the insight into the current risk situation, has won a place among the most important IT security measures in recent years. The SANS Institute publishes the results of its Cyber ​​Threat Intelligence Survey for 2022. Security experts from 200 organizations worldwide were surveyed. Impacted by supply chain attacks like the SolarWinds incident and massive vulnerabilities like Log4j, respondents cited a need to quickly contextualize vast amounts of shared information and mitigate cyber threats. Your goal is to get an overview and an awareness of the threat situation. The main results of the survey are:

– More and more companies are starting to develop their CTI capabilities, although this is often at an early stage and processes still need to be developed.

– Some promising trends from the past few years, such as collaboration between CTI teams and other departments, have been around since the Home Office-Situation declining in response to the COVID-19 pandemic. Businesses may find that coordination that was less intuitive when working on-premises even before the pandemic hit, is now even more difficult.

– A significant 21 percent of respondents said they cannot measure whether their CTI program is actually valuable to their organization. This finding underscores the need for more and better ways to measure the effectiveness of CTI programs, the tools, and their sources.

– Threat intelligence platforms are still not the main tool used by CTI teams – they are not in the top four, with “spreadsheets/email” once again coming out on top. One in two respondents still prefer self-developed CTI platforms. Providers of such platforms can certainly improve the analysts’ experience by understanding the use cases and better sharing the requirements between practitioners and providers. However, an encouraging trend is the slight proliferation of commercial and open source CTI management platforms in terms of automation and integration.

Summarizing key findings from the survey, authors and SANS trainers Rebekah Brown and Pasquale Stirparo said, “CTI requires both collaboration and communication. The shift of many workplaces to the home office, increasing cyber threats and heavy workloads over the past two years have affected some key components of collaboration. Organizations can address these factors through both processes and tools. They should assess whether they have lost communication channels with key stakeholders and find ways to rebuild those channels. In some cases, organizations need additional tools to facilitate collaboration. Many CTI tools, like TIPs, have built-in collaboration features that teams can review to see if they fit with existing processes and workflows.”

“An interesting finding from the survey is that a high percentage of companies are still unable to measure the effectiveness of CTI programs, tools and sources. Accurately determining the value of an intelligence program allows teams to justify the need for more resources, new people and new tools, and to bring the organizations and industry to a higher level of maturity. This is a call to action for both practitioners and vendors to find better and easier ways to measure the success of CTI,” added Cyrille Badeau, vice president of international sales at ThreatQuotient.

Leave a Reply

Your email address will not be published.