UK firms are filing to capitalize on holistic and integrated view of security performance as performance, skills, and costs remain biggest hurdles to true data-driven security over the coming year, research from IDC and SecureData has revealed.
Almost all (96%) of UK firms already use threat intelligence products and services and each and every one intend to do so within the next 24 months. There were clear benefits for doing so: companies saw that use of such products could bring about faster attack detection and response (55%), better understanding of threats and attacks (43%), and finding new or unknown threats (42%).
Yet the survey also revealed a number of major challenges that needed to be addressed such as optimizing performance and response times (75%), training and expertise (59%), and the costs of tools, maintenance and personnel (52%). Analytics-based issues were also found to be a significant hurdle. Correlating events (49%) and reducing false positives/negatives (36%) were the highest ranking worries in this regard. Two-thirds of organizations (66%) plan to invest in Big Data analytics engines, but only a quarter are ready to invest in third-party intelligence products or services.
Only a third of those surveyed by IDC believe that threat intelligence includes intrusion monitoring or the sharing of information within the security community (35%). An even smaller group includes analytics either based on behavior (6%) or correlation of security data (6%), while just 3% believe cloud-based intelligence sharing is part of threat intelligence.
Of the most concerning findings in report was the trend for many organizations to collect a substantial amount of information across their IT security infrastructure, but then fail to integrate this with their threat intelligence platform. Just under three-fifths of respondents were found to integrate data from their firewall or UTM devices while almost half (47%) of the 86% of organizations using an MDM to manage mobile devices integrate data from their system with their threat intelligence platform. only a third of firms correlate external data such as threats or attacks on peer companies with their threat intelligence platform.
“Threat intelligence is not simply information,” commented IDC research director Duncan Brown. “It is a service delivering a collated and correlated range of data feeds and sources to provide actionable advice to security operations. Getting this holistic view of security beyond IT is critical to understanding the full context of threat information, but our study suggests firms are taking a somewhat traditional view of intelligence that discounts more innovative developments.”
“IDC’s findings suggest Chief Information Security Officers are not considering the wider context in which their business operates, either from a physical security and application security perspective, or from a broader industry viewpoint,” added SecureData CEO Etienne Greeff. “Nevertheless, the fact they recognize the importance of increased context and intend to invest in such insight as a priority is encouraging as it will enable them to adopt an offensive security posture – one that mitigates the ever-expanding attack surface and better protects their infrastructure, applications and valuable information assets.”