Cyberthreat Intelligence Improving Visibility, But Confusion Prevails: A SANS Survey

Cyberthreat Intelligence Use, Important to Security, Benefits

  • Bethesda, MD
  • February 09, 2015

When it comes to the use of cyberthreat intelligence (CTI), organizations are scrambling to deploy and use these capabilities, even though they don't even vaguely understand what cyberthreat intelligence is or how it ties in with their defensive and response systems.

According to the SANS Cyberthreat Intelligence Survey, 69% of respondents report implementing CTI to at least some extent.

"Organizations are struggling to gain insight into attacker techniques and tools, and cyberthreat intelligence (CTI) may be able to help security teams understand what to look for in their environments," says SANS Analyst and instructor Dave Shackleford, who authored the report. "Unfortunately, only 27% of organizations have fully embraced CTI today, although more are starting to focus on CTI and make investments in technology and staff to help with this."

Survey results show that 75% find CTI important to the security of their assets, with 55% using security information and event management systems and 54% relying on intrusion monitoring platforms to aggregate, analyze and present CTI information to analysts. Sources of intelligence vary. However, 76% get intelligence from the security community, while 56% use vendor-driven intelligence feeds.

Says Shackleford, "The great news is that teams actively using CTI data in their detection and response programs are seeing immediate benefits."

Those benefits include improved context, accuracy and speed in monitoring and incident handling. He adds, "Over 60% of respondents felt that CTI has improved their visibility into attack methodologies within their environments, and over 50% believed that CTI significantly improved their detection and response accuracy."

Full results, along with best practices advice from the author and sponsors, will be shared during a two-part webcast at 1 PM EST on Tuesday, February 17 and Thursday, February 19, sponsored by AlienVault, Arbor Networks, BeyondTrust, Bit9 + Carbon Black, SurfWatch Labs, and ThreatStream, and hosted by SANS.

Register to attend the webcasts at www.sans.org/u/137 and www.sans.org/u/13c

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cybersecurity expert, Dave Shackleford.

Tweets:

Get #Cyberthreat Intel Smart in 2 webcasts: 2/17 bit.ly/CTISurveyResults AND 2/19 bit.ly/CTISurveyResults2 #infosec

Who's Using #Cyberthreat Intel & How? TWO Webcasts: 2/17 bit.ly/CTISurveyResults AND 2/19 bit.ly/CTISurveyResults2 #infosec

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)