Infoblox Inc., the network control company, has released the results of its third annual study on the state of threat intelligence exchange conducted by the Ponemon Institute.
The report titled Exchanging Cyber Threat Intelligence: There Has to Be a Better Way found that while security professionals are increasingly recognising the importance of threat intelligence, the majority remain dissatisfied with its accuracy and quality.
Meanwhile, because many security teams still execute threat investigations solo rather than pooling intelligence, their ability to quickly act on threats is limited. The report found that 67% of IT and security professionals spend more than 50 hours per week on threat investigations, instead of efficiently using security resources and sharing threat intelligence.
In a world where cyber criminals are becoming increasingly stealthy and sophisticated, with new threats on the rise ranging from ransomware to DNS hijacking, it is ineffective and costly for companies to defend themselves against cybersecurity threats alone.
According to the 1,200 IT security practitioners surveyed in the United States and EMEA, the consumption and exchange of threat intelligence has increased significantly since 2015. Despite the increase in the exchange and use of threat intelligence, most respondents from the survey are not satisfied with the current quality of the data.
Lack of accuracy and timeliness is among the top complaints about threat intelligence, which in turn hinders its effectiveness and security teams’ ability to quickly mitigate threats. In fact, only 31% of respondents cited threat intelligence as actionable. But exchanging threat intelligence among peers, industry groups, IT vendors and government bodies can result in more holistic, accurate and timely threat intelligence and a stronger security posture.
Two-thirds of respondents (66%) reported that threat intelligence could have prevented or minimised the consequence of a data breach or cyber-attack, indicating that more infosecurity professionals are realising the importance of threat intelligence.
“Cybersecurity takes a village, and this survey spotlights a real need for the cybersecurity community and public sector to better co-operate and communicate to share intel on security threats,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.
“More accurate and comprehensive exchange of threat intelligence will speed our ability to respond to attacks and will result in stronger defence against cyber-threats, whether that’s amongst enterprises or our nation’s critical infrastructure.”
The vast majority of respondents are focused on threat sharing, with 84% of organisations fully participating or partially participating in an initiative or programme for exchanging threat intelligence with peers and/or industry groups. But most of these organisations are only participating in peer-to-peer exchange of threat intelligence (65%) instead of a more formal approach such as threat intelligence exchange services or consortium, which contributes to the dissatisfaction with the quality of the threat intelligence obtained.
“There’s a real need for actionable, timely and effective threat intelligence sharing,” said Jesper Andersen, CEO of Infoblox.
“As industry players, we have a responsibility to our customers and consumers to make sure we’re doing everything to facilitate comprehensive threat intelligence within the ecosystem. This means establishing an exchange platform that enables sharing that is trusted, neutral and offers a 360-degree view of market threats.”
Other key findings from the survey include:
- Most respondents believe threat intelligence improves situational awareness, with an increase from 54% of respondents in 2014 to 61% of respondents in this year’s study
- A total of 66% of respondents say shared information is not timely and 41% say it is too complicated
- Potential liability and lack of trust in intelligence providers prevent some organisations from fully participating in threat intelligence exchange programmes, with 58% and 60% respectively citing these concerns
- While the value of threat intelligence declines within minutes, only 24% of respondents say they receive threat intelligence in real time (9%) or hourly (15%)
- A total of 73% of respondents say they use threat indicators and the most valuable types of information are indicators of malicious IP addresses and malicious URLs
“This report is an excellent follow-up to our recently organised Security and Next Gen Data Centre roadshow event in Dubai in terms of helping IT managers, CIOs and security teams understand how to make their organisations more secure, while ensuring high availability in the face of increasing cyber-attacks,” said Ashraf Sheet, Regional Director Middle East and Africa at Infoblox.