Threat Intelligence Needed Quickly or Not at All, Ponemon Study Finds
Companies can prevent 40 percent of their losses if they use information on the current threats, but the value of the intelligence fades quickly.Fresh information on the latest online threats can enable companies to respond more quickly to attacks and prevent compromises, but the intelligence grows stale quickly and becomes less useful within 4 to 12 minutes, according to a recent survey of security professionals. The survey, conducted by the Ponemon Institute and funded by threat-intelligence provider Norse, found that 57 percent of the polled security professionals believe that the information on threats provided to their companies is too old to be useful, leading to $10 million in annual costs to mitigate exploits of their network. However, if data on threats is received within 60 seconds of a compromise, companies can save, on average, $4 million, the Ponemon study found. "Whether intelligence is actionable is inextricably linked to time," Larry Ponemon, chairman of the Ponemon Institute, told eWEEK. "The make-or-break point—when you start to lose value—is measured in minutes, not in days or weeks." The security industry has increasingly focused on gathering intelligence on the threats targeting companies to give businesses as much information as possible to prevent attacks. One major focus is synthesizing information from the variety of information produced during the daily operating of a large enterprise's network. This "big data" collection promises to allow companies to have better insight into the operations of the network and catch any attacker who starts impacting that operation.
Another focus, however, is delivering information on the changing global threat landscape so that companies can be warned if legitimate-looking traffic is communicating with a known bad part of the Internet.