Threat intelligence has proven effective in stopping certain security incidents, but improvements are necessary to strengthen an organization’s security posture, according to a Webroot-commissioned survey of 693 U.S. security professionals conducted by the Ponemon Institute.
Forty percent of companies surveyed had a material security breach in the past 24 months. Eighty percent said they believe if they’d had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack.
Almost half (49 percent) of respondents said they use “fee-based” sources of intelligence, stating free sources are inadequate for comprehensive threat analysis.
Over the next two years, one-third of respondents plan to increase their threat intelligence budget significantly, according to the report.
Chief information security officers are responsible for deciding which threat intelligence services to use at 24 percent of organizations, followed by line-of-business senior management (22 percent); 18 percent say it is a shared responsibility.
On average, organizations report that using threat intelligence uncovered 35 cyber-attacks that eluded traditional defenses.
Real-time reputation intelligence is an effective way to detect and respond to malicious IPs the moment they appear within the infrastructure, according to 60 percent of respondents. Monitoring the good and bad IPs, URLs, files and mobile apps that are related to an unknown object is an effective way to predict if they pose a security risk, according to 53 percent of respondents.
In addition, continual monitoring and tracking of changes in IPs, URLs, files and mobile apps in real time is essential to decreasing security incidents, according to 54 percent of respondents.
The most useful types of information reported by companies using threat indicators are software vulnerability patch updates (67 percent), indicators of malicious IP addresses (57 percent) and indicators of malicious malware (55 percent).
Almost half of respondents are increasing the amount of intelligence data they receive to prevent or mitigate the consequences of an attack, and 56 percent said intelligence becomes stale within seconds or minutes. The more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time, respondents said.
The survey also indicated that threat intelligence is mostly obtained through internal collection and analysis (71 percent) or threat advisories (64 percent).
Fewer than a quarter (24 percent) of respondents say they exchange threat intelligence with companies in the same industry.