· 96% of UK firms already use Threat Intelligence products and services; all of those surveyed intend to do so within the next 24 months
· Faster attack detection and response (55%), better understanding of threats and attacks (43%), and finding new or unknown threats (42%) were the main benefits identified
· Major challenges include performance and response times (75%), training and expertise (59%), and the costs of tools, maintenance and personnel (52%)
Analytics-based issues are also regarded as a significant hurdle. Correlating events (49%) and reducing false positives / negatives (36%) scored surprisingly high. Two thirds of organisations (66%) plan to invest in Big Data analytics engines, but only a quarter are ready to invest in third-party intelligence products or services.
“Threat intelligence is not simply information,” states Duncan Brown, Research Director, IDC. “It is a service delivering a collated and correlated range of data feeds and sources to provide actionable advice to security operations. Getting this holistic view of security beyond IT is critical to understanding the full context of threat information, but our study suggests firms are taking a somewhat traditional view of intelligence that discounts more innovative developments.”
Only a minority of those surveyed by IDC believe that Threat Intelligence includes intrusion monitoring (33%), or the sharing of information within the security community (35%). An even smaller group includes analytics either based on behaviour (6%) or correlation of security data (6%). Just 3% believe cloud-based intelligence sharing is part of Threat Intelligence.
Crucially, although many organisations collect a substantial amount of information across their IT security infrastructure, they are failing to integrate this with their Threat Intelligence platform:
· Less than 60% of respondents integrate data from their firewall or UTM devices
· Just under half (47%) of the 86% of organisations using an MDM to manage mobile devices integrate data from their system with their Threat Intelligence platform
· Only 34% of firms correlate external data such as threats or attacks on peer companies with their Threat Intelligence platform
“IDC’s findings suggest Chief Information Security Officers are not considering the wider context in which their business operates, either from a physical security and application security perspective, or from a broader industry viewpoint,” states Etienne Greeff, CEO, SecureData. “Nevertheless, the fact they recognise the importance of increased context and intend to invest in such insight as a priority is encouraging, as it will enable them to adopt an offensive security posture, one that mitigates the ever-expanding attack surface and better protects their infrastructure, applications and valuable information assets.”