IT security leaders seeking to boost internal threat intelligence (TI) programs would prefer to delegate five out of eight major TI aspects to external vendors rather than develop them in-house, according to a commissioned survey conducted by Forrester Consulting on behalf of Kaspersky.
For most respondents, quicker threat detection, remediation and response are the main advantages of using external solutions.
Threat intelligence has become a must-have for incidents’ prevention and an important area for organisations to invest in. At the same time, this new specialty remains challenging for IT security teams because it requires constant tracking, analysing and interpreting of large amounts of fragmented data in addition to regular reevaluation and adjusting of appropriate skills, sources and tools.
The new study, evaluating threat intelligence practices among firms with mature cyber security functions¹, revealed that although 83% of decision-makers recognise the crucial role of threat intelligence in building a resilient cybersecurity program and plan to invest in the area, TI remains a challenging specialty for all firms.
Close to two-thirds of IT security leaders (64%) said their firm struggles to align their threat intelligence program with their risk management program, and 62% face difficulties implementing measurement procedures to track threat intelligence effectiveness. Other major concerns include improving knowledge of the threat landscape, prioritising multiple stakeholder requirements for information, and identifying gaps in data.
To tackle these challenges and improve their threat intelligence program, IT security decision-makers plan to implement a range of measures internally and leverage vendors’ offerings.
Respondents believe it is more efficient to lean on external vendors for the majority of TI needs. Six in 10 (61%) would put support in place for processing raw intelligence information, 60% for collecting human intelligence and 59% for integrating data feeds with other security tools.
However, firms still prioritise developing in-house capabilities for choosing and aggregating data sources.
The top two benefits of using vendors’ support are quicker threat detection, remediation and response (56%) and improved efficiency with automated reporting processes (52%). About half of respondents also said external solutions can reduce the number of breaches and lower associated costs.
“Threat intelligence program strengthens a company’s defense, contributing to visibility over the threat landscape by providing relevant and applicable insights,” comments Artem Karasev, product marketing lead: corporate product marketing at Kaspersky. “Facilitating threat intelligence processing and analysis it enables companies to make timely and fully-informed decisions.
“However, evaluating TI services and choosing among the innumerable available market options is another challenge that confronts IT security teams.
“Our experience in threat research suggests that while there are virtually no criteria perfectly applicable for all organisations, the guiding principle for choosing external threat intelligence sources should be quality over quantity.”