Threat Intelligence Sharing - A Good Idea But Few Practice

by CXOtoday News Desk    May 26, 2015

threat intelligence

Most security types know and believe that sharing threat intelligence between federal agencies and private organizations is valuable; but only a few actually practice and participate in the process. A recent survey by Enterprise Strategy Group’s (ESG) suggests that an overwhelming 94 percent respondent polled believe it is highly or somewhat valuable to share threat intelligence information between government and other private organizations. However, only a little more than one-third (37 percent) of organizations regularly share internally driven threat intelligence with others, says the study commissioned by security firm Vorstack.

“There is clearly an understood value in leveraging threat data, but organizations are finding it difficult to collect, analyze and pinpoint critical threats,” said Jon Oltsik, ESG senior principal analyst. “According to our research, automation is needed for organizations to wade through the mass of alerts they receive, and standards are needed for the secure sharing of threat intelligence.”

Nearly three-quarters (72 percent) of participants responded that spending on their organization’s threat intelligence program will increase significantly or somewhat in the next 12 to 18 months.

Participants responded that 70 percent of their organizations plan to collect and analyze significantly or somewhat more internal threat intelligence over the next 12 to 24 months; while 55 percent of their organizations plan to collect and analyze significantly or somewhat more external threat intelligence over the next 12 to 24 months.

However, organizations face challenges with collecting and analyzing external threat intelligence. Some of the top challenges include: threat intelligence is collected and analyzed by different individuals/tools so it is difficult to get a holistic picture of internal and external threats (32 percent); organizations inadvertently block legitimate traffic as a result of a problem with threat intelligence collection/analysis (32 percent); threat intelligence collection and analysis workflow process and integration problems (31 percent); and threat intelligence isn’t always as timely or actionable as respondents need it to be (28 percent).

Nearly all participants (97 percent) responded that standards are very important or somewhat important for their organizations to consume threat intelligence.

“The idea around sharing threat intelligence among organizations is rapidly gaining traction,” says Anne Bonaparte, CEO of Vorstack. “To achieve this, organizations need a holistic picture of internal and external threats for the enterprise, and the ability to share threat intelligence among organizations in a manner that is secure, anonymous, non-attributed and standards based, she says.