50+ Cyber Security Courses at SANS 2020 in Orlando! Save up to $150 thru 3/4.


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Cyber Threat Intelligence (CTI) Maturing: Results of the 2020 SANS CTI Survey

CTI Maturing; More Collaboration; More Definition of Requirements

  • Bethesda, MD
  • February 3, 2020

In the past few years, CTI has evolved from small, ad hoc tasks performed disparately across an organization to, in many cases, robust programs with their own staff, tools and processes that support the entire organization, according to the SANS 2020 CTI Survey to be released by SANS Institute in a two part webcast series at 1 PM Eastern on Tuesday, February 11 and Thursday, February 13, 2020.

“In the past three years, we have seen an increase in the percentage of respondents choosing to have a dedicated team over a single individual responsible for the entire CTI program,” says survey author and SANS instructor Robert M. Lee.

In fact, survey results indicate that just less than 50% of respondents’ organizations have a team dedicated to CTI, up from 41% in 2019. While the number of organizations with dedicated threat intelligence teams is growing, results also demonstrate a move toward collaboration, with 61% reporting that CTI tasks are handled by a combination of in-house and service provider teams.

“We continue to see an emphasis on partnering with others, whether through a paid service provider relationship or through information-sharing groups or programs,” continues Lee. “Collaboration within organizations is also on the rise, with many respondents reporting that their CTI teams are part of a coordinated effort across the organization.”

Another sign of maturity is the definition and documentation of intelligence requirements. The number of organizations reporting a formal process for gathering requirements increased 13% from last year, to almost 44% in 2020. This makes the intelligence process more efficient, effective and measurable—keys to long-term success.

Full results will be shared during a February 11 webcast at 1 PM Eastern, sponsored by Anomali, DomainTools, EclecticIQ, Infoblox, Recorded Future, Sophos, ThreatConnect, and ThreatQuotient, and hosted by SANS. Register to attend the webcast at https://www.sans.org/webcasts/112005

A February 13 webcast will feature a panel discussion on key issues on CTI at 1 PM Eastern, sponsored by Anomali, DomainTools, and ThreatConnect, and hosted by SANS. Register to attend the webcast at https://www.sans.org/webcasts/112010

Those who register for these webcasts will also receive access to the published results paper developed by SANS Analyst and cyber intelligence expert, Robert M. Lee.

Tweet This:

SANS 2020 CTI Survey Results Webcast | 2/11 at 1 PM ET | Register @ https://www.sans.org/webcasts/112005

@RobertMLee discusses the SANS CTI survey and related trends on 2/11 @ 1 PM Eastern | Register today at https://www.sans.org/webcasts/112005

Listen in as @RobertMLee and survey sponsors talk about CTI and its implementation | 2/13 @ 1 PM Eastern | Register at https://www.sans.org/webcasts/112010

@ RobertMLee and industry veterans discuss key issues related to CTI maturation | 2/13 @ 1 PM Eastern | https://www.sans.org/webcasts/112010

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)