A new IDC survey on the understanding of threat intelligence found that while most businesses intend to use some form of threat intelligence product and service (a service that understands the threats, tools and techniques an adversary may use), many are hampered by major challenges around performance and response times (75%), training and expertise (59%), and the costs of tools, maintenance and personnel (52%).
The SecureData-sponsored survey, Towards Threat Wisdom, found that analytics-based issues are also regarded as a significant hurdle. Correlating events (49%) and reducing false positives / negatives (36%) scored surprisingly high. Two-thirds of organisations (66%) plan to invest in Big Data analytics engines, but only a quarter are ready to invest in third-party intelligence products or services.
“Threat intelligence is not simply information,” states Duncan Brown, Research Director, IDC. “It is a service delivering a collated and correlated range of data feeds and sources to provide actionable advice to security operations. Getting this holistic view of security beyond IT is critical to understanding the full context of threat information, but our study suggests firms are taking a somewhat traditional view of intelligence that discounts more innovative developments.”
Crucially, although many organisations collect a substantial amount of information across their IT security infrastructure, they are failing to integrate this with their threat intelligence platform:
- Less than 60% of respondents integrate data from their firewall or UTM devices
- Just under half (47%) of the 86% of organisations using an MDM to manage mobile devices integrate the data with their threat intelligence platform
- Only 34% of firms correlate external data such as threats or attacks on peer companies with their threat intelligence platform
Etienne Greeff, CEO of survey sponsors SecureData, said: “IDC’s findings suggest Chief Information Security Officers are not considering the wider context in which their business operates, either from a physical security and application security perspective, or from a broader industry viewpoint.” He added: “Nevertheless, the fact they recognise the importance of increased context and intend to invest in such insight as a priority is encouraging as it will enable them to adopt an offensive security posture, one that mitigates the ever-expanding attack surface and better protects their infrastructure, applications and valuable information assets.”