The perceived value of threat intelligence is growing, with 68% of organizations currently creating or consuming data around the latest cybersecurity campaigns.
According to the SANS 2018 Cyber Threat Intelligence Survey, about a fifth (22%) of organizations have plans to use threat intelligence in the future.
The adoption of threat intelligence programs has steadily grown, with more respondents than ever before using them to improve their overall cybersecurity posture. The rate climbed to 81% this year, compared to 78% in 2017 and 64% in 2016.
According to the report, some of the most popular security operations tasks that threat intelligence programs support include detection (79%), incident response (71%), blocking threats (70%) and threat hunting (62%). Many of the survey responses indicated that the increased emphasis on threat intelligence and information sharing was key to allowing operations teams to quickly search for existing compromises and proactively block access from external clients.
“Despite the onslaught of new threats that have been waged this past year, the SANS survey findings reflect [that] threat intelligence platforms and programs are improving overall prevention, detection, and response efforts,” said Tim Helming, director of product management of DomainTools, which sponsored the survey. “Cyber-threat intelligence is such an effective and important part of security operations because it converts an organization’s general posture from a reactive to proactive mindset, which gets teams beyond the ‘if’ something will happen to ‘when something happens, we are ready for it.’”
The report also found that some threat intelligence is more useful than others, with detailed malware indicators (81%) and information on the vulnerabilities that are targeted by attackers (79%) seen as the top two.
The largest improvements in the threat intelligence ecosystem from last year were in improving security operations (this increased from 63% to 70%), preventing damage to business systems or data (increased from 36% to 45%), reducing time to identify and respond to incidents (increased from 50% to 59%) and revealing vulnerabilities to implement new controls (increased from 48% to 59%).
The prevalence of dedicated threat intelligence platforms is also on the rise, up from 41% in 2017 to 57% in 2018; This year, 48% connected to threat intelligence programs via API.