Connect with us

Hi, what are you looking for?

HEADLINES

IT security leaders lean on external support for most aspects of threat intelligence

IT security leaders seeking to boost internal threat intelligence (TI) programs would prefer to delegate five out of eight major TI aspects to external vendors rather than develop them in-house.

According to a commissioned survey conducted by Forrester Consulting on behalf of Kaspersky, IT security leaders seeking to boost internal threat intelligence (TI) programs would prefer to delegate five out of eight major TI aspects to external vendors rather than develop them in-house. For most respondents, quicker threat detection, remediation and response are the main advantages of using external solutions.

Threat intelligence has become a must-have for incidents prevention and an important area for organizations to invest in. At the same time, this new specialty remains challenging for IT security teams because it requires constant tracking, analyzing, and interpreting of large amounts of fragmented data in addition to regular reevaluation and adjusting of appropriate skills, sources and tools. 

The new study, evaluating threat intelligence practices among firms with mature cyber security functions, revealed that although 83% of decision-makers recognize the crucial role of threat intelligence in building a resilient cybersecurity program and plan to invest in the area, TI remains a challenging specialty for all firms. 

Close to two-thirds of IT security leaders (64%) said their firm struggles to align their threat intelligence program with their risk management program, and 62% face difficulties implementing measurement procedures to track threat intelligence effectiveness. 

Advertisement. Scroll to continue reading.

Other major concerns include improving knowledge of the threat landscape, prioritizing multiple stakeholder requirements for information, and identifying gaps in data.

To tackle these challenges and improve their threat intelligence program, IT security decision-makers plan to implement a range of measures internally and leverage vendors’ offerings. Respondents believe it is more efficient to lean on external vendors for the majority of TI needs. 

Six in ten (61%) would put support in place for processing raw intelligence information, 60% for collecting human intelligence, and 59% for integrating data feeds with other security tools. However, firms still prioritize developing in-house capabilities for choosing and aggregating data sources.

The top two benefits of using vendors’ support are quicker threat detection, remediation and response (56%) and improved efficiency with automated reporting processes (52%). About half of respondents also said external solutions can reduce the number of breaches and lower associated costs.

“Threat intelligence program strengthens a company’s defense, contributing to visibility over the threat landscape by providing relevant and applicable insights. Facilitating threat intelligence processing and analysis it enables companies to make timely and fully-informed decisions. However, evaluating TI services and choosing among the innumerable available market options is another challenge that confronts IT security teams,” comments Artem Karasev, Product Marketing Lead, Corporate Product Marketing at Kaspersky. 

“Our experience in threat research suggests that while there are virtually no criteria perfectly applicable for all organizations, the guiding principle for choosing external threat intelligence sources should be quality over quantity,” adds Karasev.

Advertisement. Scroll to continue reading.

Kaspersky suggests paying special attention to the following points when evaluating external threat intelligence solutions: 

  • Information sources the vendor uses: vendors that aggregate information from around the world can provide more visibility over actual threats and efficiently correlate fragmented activities.
  • Capability to provide context: contextual data helps reveal the “bigger picture”, further validating and supporting the wide-ranging uses of the data. Relationship context, such as domains associated with the detected IP addresses or URLs for where the file was downloaded from, etc., boosts incident investigation and supports better incident ‘scoping’ by uncovering newly acquired related Indicators of Compromise in the network.
  • Compatibility with existing solutions: an examination of vendor’s delivery methods and integrations systems ensures smooth integration of threat intelligence into existing security operations.
  • Vendor’s experience: proven track record of threats investigation ensures the efficacy of proposed solutions. 

The full study Mature Threat Intelligence to Build Resilient Cybersecurity Programs is available via the link. 

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

From December 5, 2024 to January 31, 2025, enjoy exclusive deals on the best ASUS laptops and ROG devices, and enjoy matching them with the newest kicks...

HEADLINES

This move underscores Globe's commitment to expanding its services to meet the evolving needs of its customers, particularly the Overseas Filipino Worker (OFW) market.

HEADLINES

Smart also sounds the alarm on criminals using ‘fake cell towers’ to bypass network defenses. The Philippine National Police had earlier called on the...

HEADLINES

“Our free AI-powered platform provides access to in-demand job skills that address the gaps in the school-to-work journey of K-12 students in the Philippines,”...

HEADLINES

The program is a step-up from the standard on-the-job training in college level education. The tie-up involves students from the College of Accountancy, Business Administration...

HEADLINES

Through this collaboration, Smart and PLDT Enterprise will leverage Ericsson’s expertise in private 5G to offer tailor-made network solutions for enterprises, helping them maximize...

HEADLINES

"Every technology is now either enabling AI or is enabled by AI. We are evolving from static and reactive AI to a more dynamic,...

HEADLINES

With AWS, Grab is pursuing a technology-led strategy to accelerate growth across its mobility, deliveries and financial services verticals, including its new digibanks, while...

Advertisement