SANS 2021 Cyber Threat Intelligence (CTI) Survey Results

Bethesda, Md. – SANS Institute will release the results of the 2021 Cyber Threat Intelligence (CTI) Survey Tuesday, January 19 during a webcast featuring survey authors and SANS instructors Rebekah Brown and CTI expert Robert M. Lee.

Since 2017, SANS has seen steady growth in organizations that produce or consume CTI. While this year’s survey captured significant ways in which CTI work has changed, largely due to the impact of the coronavirus, there were also more subtle changes noted across this year’s responses with reversals of trends we had seen developing over the past several years.

In the past five years, SANS has seen in-house-only teams slowly decrease in percentage while hybrid-model teams increased. This year, that trend shifted with in-house teams increasing 5% from 2020 to 37%, and hybrid models decreasing 5% from 2020 to 56%.

The number of CTI functions supported by a single analyst is also at its highest since 2017, even as organizations depend more on their CTI functions for prioritization and protection of a suddenly remote workforce.

This reversal of past trends is not only indicative of the way that the workforce has been shaped by the coronavirus, but also shows how CTI functions are continuing to grow in capabilities and maturity—and not just in larger companies, but in smaller companies that are just starting to integrate CTI functions. Even with the difficulties this year brought, respondents who report that they have no plan to assign anyone to CTI functions is down to only 4%.

On Tuesday, January 19, Robert M. Lee will share the full results of the survey and give his perspectives on how organizations can get the most out of CTI. This survey is sponsored by Anomali, Cisco, DomainTools, Infoblox, Sixgill, and ThreatQuotient.

Register to attend the webcast.

On Wednesday, January 20, Robert M. Lee will also lead a panel discussion featuring guest speakers from Anomali, DomainTools, and Sixgill. They will take a deeper dive into the results of the SANS 2021 CTI Survey and explore major themes developed during the survey.

Register to attend the panel discussion.

Those who register for these webcasts will be among the first to receive the published results paper developed by Rebekah Brown and Robert M. Lee.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (