CTI Uses, Successes and Failures: SANS Survey Results Released

Bethesda, Md. – Cyber threat intelligence (CTI) shows promise in making threats easier to detect and respond to, according to our most recent survey on cyber threat intelligence to be released by SANS Institute on March 15 and 16, 2017.

Survey results demonstrate that organizations are embracing CTI, with 60% of respondents reporting that they use CTI and another 25% planning to do so. Of those, 72% of respondents experienced improved visibility into threats and attack methodologies, while 63% report improving security operations, and the same percentage said CTI helped them detect unknown threats.

While CTI adherents find multiple improvements as a result of CTI, however, those benefits are often difficult to demonstrate to management.

"Each year more and more security teams find increasing value in CTI for security operations and response," says SANS Analyst and survey report author Dave Shackleford. "But we need better metrics and reporting so that we demonstrate its value to management stakeholders."

Lack of management buy-in was listed by one-third of respondents as an inhibitor to their CTI implementations. While that wasn't the biggest inhibitor, the top inhibitors--lack of trained staff with skills to utilize CTI, lack of funding, lack of time to implement new processes and lack of technical capabilities--are all inhibitors that could be minimized if upper management understood the value of implementing CTI. Providing that information requires the use of understandable metrics.

"When we can demonstrate the value that CTI brings in preventing, detecting, and responding to today's attacks," Shackleford continues, "We are likely to see CTI implementations become more commonplace, more mature and more important to security programs than ever before."

Full results will be shared during a two-part webcast at 1 PM Eastern on March 15 and March 16, sponsored by Anomali, Arbor Networks, DomainTools, LookingGlass Cyber Solutions, Rapid7, and ThreatConnect, and hosted by SANS. Register to attend the March 15 webcast at www.sans.org/webcasts/103432 and the March 16 webcast at www.sans.org/webcasts/103437

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst Dave Shackleford.

Tweet This:

Of the 60% using Cyberthreat Intelligence today, 72% improved their visibility; SANS survey Webcast | March 15 and 16 | www.sans.org/webcasts/103432

Staffing and lack of management buy-in inhibitors to Cyberthreat Intelligence implementations; SANS survey Webcast | March 15 and 16 | www.sans.org/webcasts/103432

Cyberthreat Intelligence in Action -- report by Dave Shackleford released in two-part presentation | March 15 and 16 | www.sans.org/webcasts/103432

Explore CTI staffing and deployment issues | March 15 | www.sans.org/webcasts/103432

Learn about the effectiveness of CTI and future needs | March 16 | www.sans.org/webcasts/103437

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)