Study: IT Security Leaders Lean on External Support for Most Threat Intelligence

Information Technology (IT) security leaders seeking to boost internal threat intelligence (TI) programs would prefer to delegate five out of eight major TI aspects to external vendors rather than develop them in-house.

This is according to a commissioned survey conducted by Forrester Consulting on behalf of Kaspersky.

For most respondents, quicker threat detection, remediation and response are the main advantages of using external solutions.

Threat intelligence has become a must-have for incident prevention and an important area for organisations to invest in.

At the same time, this new specialty remains challenging for IT security teams because it requires constant tracking, analysing and interpreting of large amounts of fragmented data in addition to regular reevaluation and adjusting of appropriate skills, sources and tools.

The new study, evaluating threat intelligence practices among firms with mature cyber security functions¹, revealed that although 83% of decision-makers recognise the crucial role of threat intelligence in building a resilient cybersecurity program and plan to invest in the area, TI remains a challenging specialty for all firms.

Close to two-thirds of IT security leaders (64%) said their firm struggles to align their threat intelligence program with their risk management program, and 62% face difficulties implementing measurement procedures to track threat intelligence effectiveness.

Other major concerns include improving knowledge of the threat landscape, prioritising multiple stakeholder requirements for information, and identifying gaps in data.

To tackle these challenges and improve their threat intelligence program, IT security decision-makers plan to implement a range of measures internally and leverage vendors’ offerings.

Respondents believe it is more efficient to lean on external vendors for the majority of TI needs.

Six in ten (61%) would put support in place for processing raw intelligence information, 60% for collecting human intelligence and 59% for integrating data feeds with other security tools.

However, firms still prioritise developing in-house capabilities for choosing and aggregating data sources.

[Figure: Cybersecurity threat intelligence. Source: Kaspersky]

The top two benefits of using vendors’ support are quicker threat detection, remediation and response (56%) and improved efficiency with automated reporting processes (52%).

About half of respondents also said external solutions can reduce the number of breaches and lower associated costs.

“A threat intelligence program strengthens a company’s defense, contributing to visibility over the threat landscape by providing relevant and applicable insights. Facilitating threat intelligence processing and analysis, it enables companies to make timely and fully-informed decisions. However, evaluating TI services and choosing among the innumerable available market options is another challenge that confronts IT security teams”, comments Artem Karasev, Product Marketing Lead, Corporate Product Marketing at Kaspersky. “Our experience in threat research suggests that while there are virtually no criteria perfectly applicable for all organisations, the guiding principle for choosing external threat intelligence sources should be quality over quantity”.

Kaspersky suggests paying special attention to the following points when evaluating external threat intelligence solutions:

  • Information sources the vendor uses: vendors that aggregate information from around the world can provide more visibility over actual threats and efficiently correlate fragmented activities.
  • Capability to provide context: contextual data helps reveal the ‘bigger picture’, further validating and supporting the wide-ranging uses of the data. Relationship context, such as the domains associated with detected IP addresses or the URLs a file was downloaded from, boosts incident investigation and supports better incident ‘scoping’ by uncovering newly acquired related Indicators of Compromise in the network.
  • Compatibility with existing solutions: an examination of the vendor’s delivery methods and integration systems ensures smooth integration of threat intelligence into existing security operations.
  • Vendor’s experience: a proven track record of threat investigation ensures the efficacy of proposed solutions.