Most organizations overwhelmingly value threat intelligence sharing, but are having difficulty dealing with the sheer volume of data that needs to be analyzed, according to Enterprise Strategy Group’s (ESG) Threat Intelligence Survey of 304 IT professionals.
The study found that 94 percent of respondents overwhelmingly believe it is highly or somewhat valuable to share threat intelligence information between federal agencies and other private organizations.
Nearly all participants (97 percent) said that standards are very important or somewhat important for their organizations to consume threat intelligence.
"I was surprised that so many organizations have threat intelligence programs and that they are investing lots of money into their success," Jon Oltsik, senior principal analyst at ESG, told eWEEK. "I was also surprised how willingly many organizations share their own threat intelligence. Clearly, CISOs are realizing the importance and benefits associated with threat intelligence today and are placing bets for the future."
However, only 37 percent of respondents’ organizations regularly share internally- driven threat intelligence with other organizations or industry information sharing and analysis centers (ISACs).
Nearly three-quarters (72 percent) of participants responded that spending on their organization’s threat intelligence program will increase significantly or somewhat in the next 12 to 18 months.
Oltsik noted there are several challenges businesses face when trying to deploy a threat intelligence strategy.
"First, lots of threat intelligence collection and analysis is performed as a manual process today. Threat indicators literally come in as email text, and this text has to be manually input into another system," he said. "Second, many firms lack any type of threat intelligence analytics system, so they build their own or rely on open source tools. Third, aside from big financial services firms and defense contractors, there are not a lot of threat intelligence skills out there so many organizations are relying on on-the-job training."
According to the survey, some of the top challenges to collecting and analyzing external threat intelligence include difficulty getting a holistic picture of internal and external threats (32 percent), and inadvertently blocking legitimate traffic as a result of a problem with threat intelligence collection or analysis (32 percent).
Other issues include threat intelligence collection and analysis workflow process and integration problems (31 percent), and threat intelligence not being always as timely or actionable as it is needed to be (28 percent).
In addition, just under three-quarters (72 percent) of organizations plan to collect and analyze significantly more or somewhat more internal threat intelligence over the next 12 to 24 months, while 55 percent of organizations plan to collect and analyze significantly more or somewhat more external threat intelligence over the next 12 to 24 months.
"Organizations need to operationalize threat intelligence programs, which means they need training and infrastructure, and these will require time and money," Oltsik said. "They will have to learn about threat intelligence standards and incorporate them into their internal systems. They will have to learn what information they want to redact when they share threat intelligence and they’ll need a process to do this. Finally, they will need to integrate threat intelligence into their security and IT infrastructure to automate remediation tasks."