Sharing Threat Intelligence Sounds Like a Good Idea, But...

Most security types know and believe that sharing threat intelligence between federal agencies and private organizations is valuable, but only a few actually participate in the sharing.

According to Enterprise Strategy Group’s (ESG) Threat Intelligence Survey, IT personnel overwhelmingly (94%) believe that it’s highly or somewhat valuable to share threat intelligence. However, only 37% of respondents’ organizations regularly share internally driven threat intelligence with other organizations or industry Information Sharing and Analysis Centers (ISACs).

It sounds like hypocrisy, but the fact is, organizations face challenges when it comes to putting threat intel strategies into place.

“There is clearly an understood value in leveraging threat data, but organizations are finding it difficult to collect, analyze and pinpoint critical threats,” said Jon Oltsik, ESG senior principal analyst, in a statement. “According to our research, automation is needed for organizations to wade through the mass of alerts they receive, and standards are needed for the secure sharing of threat intelligence.”

The survey found that some of the top challenges include: threat intelligence collected and analyzed by different individuals/tools, making it difficult to get a holistic picture of internal and external threats (32%); organizations inadvertently blocking legitimate traffic as a result of a problem with threat intelligence collection/analysis (32%); threat intelligence collection and analysis workflow process and integration problems (31%); and threat intelligence that isn’t always as timely or actionable as respondents need it to be (28%).

The good news is that nearly three-quarters (72%) of participants responded that spending on their organization’s threat intelligence program will increase significantly or somewhat in the next 12 to 18 months.

Participants also responded that 72% of their organizations plan to collect and analyze significantly or somewhat more internal threat intelligence over the next 12 to 24 months, while 55% of their organizations plan to collect and analyze significantly or somewhat more external threat intelligence in that time.

“The idea around sharing threat intelligence among organizations is rapidly gaining traction,” said Anne Bonaparte, CEO of Vorstack, which sponsored the survey. “To achieve this, organizations need a holistic picture of internal and external threats for the enterprise, and the ability to share threat intelligence among organizations in a manner that is secure, anonymous, non-attributed and standards-based.”
