Firms Value Threat Intel … But Fail to Use it Properly
The vast majority of security professionals in the UK and North America rate threat intelligence as an important part of cybersecurity, but inadequate tools, training and processes are holding organizations back, according to a new study.
Security vendor Anomali polled over 1000 security professionals in the two geographies to find that two-thirds of organizations either have or are planning to deploy a threat intelligence platform and 70% are looking to improve threat intelligence efforts going forward.
However, 70% admitted they’re generating simply too much data, or that it’s too complex to be used effectively.
Major factors contributing to the ineffectiveness of threat intelligence programs included lack of staff expertise (69%), lack of ownership (58%) and lack of suitable technologies (52%).
As a result, half (49%) claimed the IT security team doesn’t read or receive threat reports, while 43% said data isn’t used to drive decision making in the security operations center.
Jonathan Martin, operations director EMEA at Anomali, told Infosecurity that the right tools can help organizations with stretched resources by automating up to 80% of responses.
“The information needed to understand the severity of actors, TTPs, campaigns etc. is usually spread far and wide across the internet and often restricted viewing from within a corporate network, so of course the right tools are essential,” he added.
“But in addition, organizations must ensure that security teams they do have in place are highly trained and ready to go, with the necessary knowledge to make the right decisions under stressful situations, meaning that the impact of an attack can be greatly reduced.”
Once the right tools and staff are in place, it’s all about what you do with that data, which requires effective planning, claimed Martin.
“Organizations must have a formal threat response plan in place to ensure they are using threat intelligence data in the most effective way, to enable fast decisions to be made and preventative action disseminated quickly,” he concluded.
“This plan has to be rigorously tested to ensure it’s correct and it works; the time to find out if it’s effective is not under the pressure of an attack. This can be critical in ensuring both brand and data are protected.”
Source: Information Security Magazine