Threat Intelligence identified as 2016 investment priority

Study finds performance, skills, and costs remain biggest hurdles to true data-driven security.

  • 9 years ago Posted in
SecureData and IDC have unveiled the findings of a study of 300 large UK companies to gauge their understanding of Threat Intelligence and the key factors necessary to deliver on its potential.
The IDC study, Towards Threat Wisdom, found that:
·      96% of UK firms already use Threat Intelligence products and services; all of those surveyed intend to do so within the next 24 months
·      Faster attack detection and response (55%), better understanding of threats and attacks (43%), and finding new or unknown threats (42%) were the main benefits identified
·      Major challenges include performance and response times (75%), training and expertise (59%), and the costs of tools, maintenance and personnel (52%)
Analytics-based issues are also regarded as a significant hurdle. Correlating events (49%) and reducing false positives / negatives (36%) scored surprisingly high, while two thirds of organisations (66%) plan to invest in Big Data analytics engines, but only a quarter are ready to invest in third-party intelligence products or services.
“Threat intelligence is not simply information,” states Duncan Brown, Research Director, IDC. “It is a service delivering a collated and correlated range of data feeds and sources to provide actionable advice to security operations. Getting this holistic view of security beyond IT is critical to understanding the full context of threat information, but our study suggests firms are taking a somewhat traditional view of intelligence that discounts more innovative developments.”
Only a minority of those surveyed by IDC believe that Threat Intelligence includes intrusion monitoring (33%), or the sharing of information within the security community (35%). An even smaller group includes analytics either based on behaviour (6%) or correlation of security data (6%). Just 3% believe cloud-based intelligence sharing is part of Threat Intelligence.
Crucially, although many organisations collect a substantial amount of information across their IT security infrastructure, they are failing to integrate this with their Threat Intelligence platform:
·      Less than 60% of respondents integrate data from their firewall or UTM devices
·      Just under half (47%) of the 86% of organisations using an MDM to manage mobile devices integrate data from their system with their Threat Intelligence platform
·      Only 34% of firms correlate external data such as threats or attacks on peer companies with their Threat Intelligence platform
“IDC’s findings suggest Chief Information Security Officers are not considering the wider context in which their business operates, either from a physical security and application security perspective, or from a broader industry viewpoint,” states Etienne Greeff, CEO, SecureData. “Nevertheless, the fact they recognise the importance of increased context and intend to invest in such insight as a priority is encouraging as it will enable them to adopt an offensive security posture ­ one that mitigates the ever-expanding attack surface and better protects their infrastructure, applications and valuable information assets.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...