EDITOR’S QUESTION

IS CYBER THREAT INTELLIGENCE BECOMING INCREASINGLY IMPORTANT IN THE BATTLE AGAINST CYBERCRIME?

SANS, the largest and most trusted provider of cybersecurity training and certification to professionals worldwide, has released the results of its annual SANS 2018 Cyber Threat Intelligence Survey.

The study sheds light on the evolution of Cyber Threat Intelligence (CTI) in cybersecurity and shows that CTI is maturing as a discipline.

In one of the clearest trends SANS has seen in the last three years, respondents have increasingly stated that CTI is improving their prevention, detection and response capabilities. In 2018, 81% of respondents state their CTI implementations have resulted in improvements, compared to 78% in 2017 and 64% in 2016.

In addition, the number of respondents who answered ‘unknown’ has more than halved since 2016, falling from 34% in 2016 to 21% in 2017, and now to only 15% in 2018.

A total of 68% of respondents say they have implemented CTI this year and another 22% plan to introduce it in the future. Only 11% of companies have no plans to do so, falling from 15% in the previous year. This indicates that CTI is becoming more useful overall, especially to security operations teams that are working hard to integrate intelligence into their prevention, detection and response strategies.

“As the threat landscape continues to change, and with more advanced attackers than ever, security teams need all the help they can get to more effectively prevent, detect and respond to threats,” said Dave Shackleford, SANS Analyst and Senior Instructor.

CTI skill set in demand

However, finding skilled staff to operate CTI consoles is getting more difficult, despite the trends showing that CTI can play an important role in an organisation’s security strategy. In this year’s survey, 62% of respondents cite a lack of trained CTI professionals and skills as a major roadblock, an increase of nearly 10 percentage points over 2017.

This indicates that the more CTI is used and consumed, the more this skill set is in demand. It may therefore be much more difficult to find staff members who are experienced in setting up and operating CTI programmes. Similarly, 39% cite a lack of technical ability to integrate CTI tools into the organisational environment.

Better visibility and improved security operations

As a result of their CTI programme efforts, respondents report better visibility and improved security operations. For example, 71% indicate overall satisfaction with visibility into threats and indicators of compromise (IoCs). When specifying improvements, 70% of participants report improved security operations, while 66% cite improved ability to detect previously unknown threats.

Responses to the 2018 survey reveal a growing emphasis on CTI being used for security operations tasks: detecting threats (79%), incident response (71%), blocking threats (70%) and threat hunting (62%).

The survey responses indicate that threat intelligence is key in augmenting and improving firewall rules, network access control lists and reputation lists. Known sites and indicators associated with ransomware are then shared through threat intelligence, allowing operations teams to quickly search for existing compromise and proactively block access from internal clients.

“Fortunately, many organisations are sharing details about attacks and attackers and numerous open source and commercial options exist for collecting and integrating this valuable intelligence,” added Shackleford.

“All of this has resulted in improvements in organisations’ abilities to improve security operations and detect previously unknown attacks.”

www.intelligentcio.com