We recently partnered with ISMG to develop and administer a survey delving into the current state of threat intelligence. What we learned from125 security leaders isn’t surprising: Threat intelligence MUST be timely and relevant.
While collecting intelligence is one thing – that can pose its own issues – making threat intelligence actionable is quite another. With 57% of security professionals rating their organization’s ability to operationalize threat intelligence as “Below Average,” it maybe time to re-evaluate your processes. If your threat intelligence is being interpreted and acted upon in 2-4 hours, is that really fast enough?
Determining How You Stack Up
For many organizations, the first hurdle when wrangling the idea of threat intelligence is its definition. In many cases, how you operationalize threat intelligence and the expectations of that threat intelligence being used may not be realized to the fullest extent by all customers. In other words,
…they think that they are doing a great job with what they’ve got, but yet at the same time, there is a level that they are just not even aware could be obtained.
This is a problem, as 79% of security professionals expect their reliance on actionable threat intelligence to increase in the coming year. So, what are some best practices for truly having actionable threat intelligence? LookingGlass Senior Vice President of Threat Intelligence, Doug Dangremond shared a few things that companies who rank as “successful” in deploying their threat intelligence have in common:
- They have spent years planning and implementing the right technology, infrastructure, and expertise
- These companies layer additional intelligence into the incident to put some level of context around it
- Staffing at these organizations includes not only those with strong IT backgrounds, but also candidates who can understand the art and science of collection, investigation, and mitigation
For the full survey results, as well as additional insight from Doug:Read the Survey