If you need proof of the risks presented by the latest security threats, you need look no further than today’s headlines. Large enterprises with sophisticated defenses are reporting security breaches on a weekly basis. Cybercriminals are organized, well-funded, persistent and capable of identifying and exploiting network vulnerabilities before the targeted organization knows the vulnerability exists. As IT environments continue to expand into the cloud and integrate more employee-owned mobile devices, many organizations are struggling to keep up with emerging threats.
Defending against the constant onslaught of attacks requires advanced threat intelligence, the documentation and coordinated sharing of information about new security threats and vulnerabilities from the moment they are detected. Threat intelligence solutions provide an ongoing stream of data feeds that are used to assess the risk level of each threat and prioritize efforts to address them. Threat intelligence programs can also be used to automate incident prevention and remediation activities, and to improve the efficiency and effectiveness of risk management.
According to a report from Webroot and the Ponemon Institute, threat intelligence is widely viewed as an essential but underutilized component of cybersecurity. Forty percent of the organizations surveyed had a security breach within the last two years, and 80 percent of those victimized companies believe threat intelligence could have stopped or reduced the impact of the attack. Yet 47 percent of survey respondents say threat intelligence is not a core component of their security strategy.
Although most organizations recognize the value of threat intelligence, improvements need to be made to maximize its effectiveness. The study found that 56 percent of respondents believe threat intelligence data becomes stale within minutes or even seconds. Eighty-five percent are dissatisfied with the quality of the data received. As a result, 49 percent of respondents use paid sources of intelligence, citing free sources as inadequate for analysis and threat prioritization. The ability to apply threat intelligence and assess the trustworthiness of the source in real time is viewed as a valuable component of a threat intelligence solution.
But data quality and the sources of data aren’t the only problems. Only one in six respondents believe they have effective processes for using threat intelligence from external sources, and fewer than three in 10 believe they are capable of effectively handling internally generated data. Not surprisingly, only 36 percent of respondents rate their security as strong.
Nevertheless, threat intelligence is receiving a lot of attention as organizations seek to stem the tide of zero-day exploits, advanced persistent threats and types of other cyberattacks. If you’re interested in exploring threat intelligence solutions, Technologent can help you evaluate the various options and establish strategies for taking maximum advantage of the data they provide. Contact us to discuss how advanced threat intelligence can augment your security processes and help you detect and stop attacks before they’re launched.
July 23, 2015