Threat intelligence has become a significant weapon in the fight against cyber attacks, and a large majority of organisations have made it a key part of their security programmes. That’s according to a recent Threat Intelligence report from Cybersecurity Insiders and Domain Tools.
Threat intelligence is no longer a ‘nice to have’ capability; it has become a vital part of robust cyber security programmes, says the report. A large majority of respondents (77 percent) said threat intelligence is ‘very’ to ‘extremely’ important to their organisations’ security stance.
Respondents are concerned about a variety of cyber threats, with phishing attacks leading the way, cited by more than half of respondents (56 percent). Others include zero-day attacks against publicly unknown vulnerabilities (47 percent); insider attacks, including malicious or careless employees (46 percent); advanced persistent threats/targeted attacks (45 percent); and malware, including viruses, worms, and trojans (44 percent).
Web application attacks were cited by one-third of respondents, denial of service attacks (DoS/DDoS) by 22 percent, and cryptojacking – the hidden use of corporate computing infrastructures to mine for cryptocurrencies, using up an organisation’s processing capacity and energy – by just 16 percent.
When asked to identify the most critical threat management priorities for their organisation, 45 percent of respondents cited improving threat detection as a priority. Others include proactive threat hunting (39 percent), improving the investigation and analysis of threats (34 percent), and the blocking of them (also 34 percent).
Organisations are deploying their cyber threat intelligence data in a number of different use cases, the report found. Alongside the most obvious deployment scenario – detecting threats and attacks, cited by 58 percent of the respondents – others include: incident response (49 percent); vulnerability management (45 percent); blocking threats (44 percent); blocking malicious domains or IP addresses at egress points such as firewalls and threat intelligence gateways (43 percent); proactively hunting for indicators of compromise (35 percent); adding context to investigations or compromise assessments (22 percent); providing trending data and reports to team and management (20 percent); examining DNS server logs for malicious domains or IP addresses (18 percent); building custom IDS signatures for malicious traffic (10 percent); and adding internally generated indicators to commercial ones to track campaigns (also 10 percent).
A troubling finding from the report is that a majority of respondents (59 percent) rate their organisation’s effectiveness at deploying threat intelligence to identify and tackle cyber threats as only average or worse.
Organisations are using an array of tools to aggregate, analyse and present cyber threat intelligence. Just under half (48 percent) are using security information and event management (SIEM) platforms. Others are deploying intrusion monitoring platforms (38 percent); threat intelligence platforms (34 percent); home-grown/bespoke management systems (33 percent); and open source cyber threat intelligence management platforms (30 percent).
However, enterprises face several challenges in making use of their threat intelligence, adds the report. Fifty-seven percent of respondents said that there is a lack of security staff to make the intelligence actionable.
Forty-seven percent noted that they lack the resources to access external threat intelligence, and 39 percent have difficulty integrating threat intelligence into existing security controls. Thirty-nine percent are also not able to take action effectively and efficiently using threat intelligence, while 31 percent struggle to manage and maintain multiple sources of intelligence.