Infoblox released the results of its third annual study on the state of threat intelligence exchange conducted by the Ponemon Institute. The report titled “Exchanging Cyber Threat Intelligence: There Has to Be a Better Way,” found that while security professionals are increasingly recognizing the importance of threat intelligence, the majority remain dissatisfied with its accuracy and quality. Meanwhile, because many security teams still execute threat investigations solo rather than pooling intelligence, their ability to quickly act on threats is limited. The report found that 67 percent of IT and security professionals spend more than 50 hours per week on threat investigations, instead of efficiently using security resources and sharing threat intelligence.
Lack of accuracy and timeliness is among the top complaints about threat intelligence, which in turn hinders its effectiveness and security teams’ ability to quickly mitigate threats. In fact, only 31% of respondents cited threat intelligence as actionable. But exchanging threat intelligence amongst peers, industry groups, IT vendors and government bodies can result in more holistic, accurate and timely threat intelligence and a stronger security posture. Two-thirds of respondents (66%) reported that threat intelligence could have prevented or minimized the consequence of a data breach or cyber-attack, indicating that more info security professionals are realizing the importance of threat intelligence.
“More accurate and comprehensive exchange of threat intelligence will speed our ability to respond to attacks and will result in stronger defense against cyber threats – whether that’s amongst enterprises or our nation’s critical infrastructure,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.
The vast majority of respondents are focused on threat sharing, with 84% of organizations fully participating or partially participating in an initiative or program for exchanging threat intelligence with peers and/or industry groups. But, most of these organizations are only participating in peer-to-peer exchange of threat intelligence (65%) instead of a more formal approach such as threat intelligence exchange services or consortium, which contributes to the dissatisfaction with the quality of the threat intelligence obtained.
“As industry players, we have a responsibility to our customers and consumers to make sure we’re doing everything to facilitate comprehensive threat intelligence within the ecosystem. This means establishing an exchange platform that enables sharing that is trusted, neutral and offers a 360-degree view of market threats,” said Jesper Andersen, CEO of Infoblox.
“This report is an excellent follow up to our recently organized ‘Security and Next Gen Data Centre’ roadshow event in Dubai in terms of helping IT managers, CIOs and security teams understand how to make their organizations more secure, while ensuring high availability in the face of increasing cyber-attacks,” concludes Ashraf Sheet, Regional Director Middle East & Africa at Infoblox.