Early-warning attack feeds and actionable reporting are indispensable features in any threat intelligence program
New York, NY, August 24, 2023 – Early, actionable access to credible intelligence is critical amid today’s rapidly changing threat landscape, according to 210 security and IT leaders and executives, practitioners, administrators, and compliance professionals surveyed by CyberRisk Alliance last month. As a result, they now consider threat intelligence tools as essential and are working to acquire more of them.
“Threat intelligence has discovered gaps in our organization’s security architecture and has allowed us to reconfigure our site networks to prevent mass attacks from impacting multiple parts of the organization,” said one respondent.
Key takeaways of the report:
- Respondents crave automated threat intelligence that can anticipate and take immediate action on threats. Fifty-six percent say automated threat detection and response merits must-have status. Having an early warning feed of the newest attacks (80%) and actionable reporting with relevant context (78%) are broadly seen as indispensable features in any threat intelligence program.
- Threat intelligence is largely geared toward improving incident response and internal awareness. Sixty-five percent say threat data is used to improve incident response, versus 50% who say it is used to inform proactive threat hunting. Threat data is primarily collected from internal network traffic versus external sources like the dark web.
- Threat intelligence helps inform proactive policies and updating of threat models. Threat intelligence “helps us develop proactive defense strategies to prevent attacks before they occur,” said one respondent. Many others credited threat intelligence with raising awareness of vulnerabilities and blind spots requiring attention.
- Complex tech stacks and inadequate integrations are a constant challenge to threat intelligence efficacy. Many report challenges when it comes to integrating various security products and data feeds. This results in data that is frequently unreliable, incomplete, or low-quality.
For more detailed findings and analysis, download the full report.
About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, Security Weekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, the peer-to-peer CISO membership network, Cybersecurity Collaborative, and now, the Official Cyber Security Summit and TECHEXPO Top Secret. Click here to learn more.
AuditBoard is the leading cloud-based platform transforming audit, risk, and compliance management. More than 40% of the Fortune 500 leverage AuditBoard to move their businesses forward with greater clarity and agility. AuditBoard is top- rated by customers on G2, Capterra, and Gartner Peer Insights, and was recently ranked for the fourth year in a row as one of the fastest-growing technology companies in North America by Deloitte. To learn more, visit AuditBoard.com.