Threat intelligence appears to be a rising tide: More than three-quarters (76%) of respondents in a new survey believe they have a moral responsibility to share it. But how to best enable information-trading is open to debate, with most distrusting public forums.
The research, from AlienVault, noted that although there is no requirement or mandate for companies to do so, many security professionals feel that if they observe an active exploit, it is their duty to share it with others. And organizations are backing up this belief with action. An overwhelming 95% of survey respondents use threat intelligence in some way.
However, the majority are still only sharing this in closed forums, either among trusted peers (56%) or internally (47%). Security professionals also share information with government agencies (28%), publicly (18%) and with crowdsourced/open-source platforms (15%).
When it comes to incoming sources of data, survey respondents rely on a range of threat intelligence sources, including their own detection processes (66%), trusted peers (48%), paid subscription services (44%), government agencies (38%), crowdsourced/open-source communities (37%) and blogs/online forums (28%). That said, most people still don’t trust most public sources of threat intelligence, and the only response that gained a positive result of over 50% was threat intelligence from security vendors (65%).
However, the adoption of crowdsourced platforms for threat intelligence sharing increased by almost five times since last year. AlienVault said that it expects the trend will continue to escalate as confidence in threat-sharing platforms increases and as the trusted peer groups of security professionals expands.
“Threat intelligence can be additive in nature,” the report noted. “A company can rely primarily on its own internal detection processes, but can complement this method with sources such as a government feed, or by pulling data from a crowdsourced platform, with little overlap in the data obtained. By referencing more threat intelligence sources, a company can gain a more comprehensive view of the overall threat landscape.”
The majority of respondents (62%) stated that, over the last two years, their security teams have increased in size; this dovetails with the fact that more than half of survey participants (53%) reported an increase in security incidents over the past year. More than two-thirds of respondents (69%) said that incorporating threat intelligence had made it easier for security teams to respond to incidents.
“The nature of the security industry has been extremely secretive, so it’s very encouraging to see that more people are utilizing different sources and are willing to more openly share threat intelligence,” said Javvad Malik, security advocate at AlienVault. “Malicious criminals innovate quickly, and the more our industry can achieve a similar level of agility through cooperation and collaboration, the more we can create a powerful collective defense against today’s advanced threats. Public threat intelligence sources, such as AlienVault’s Open Threat Exchange, enable even the smallest IT departments to leverage the collective knowledge of a global network of security experts to better identify, respond to and mitigate threats. We hope to see continued trust in these sources.”
Photo © pathdoc