ESG Threat Intelligence Research Project

Transcription

1 TM Enterprise Strategy Group Getting to the bigger truth. ESG Threat Intelligence Research Project May 2015 Jon Oltsik, Senior Principal Analyst

2 Project Overview 304 completed online surveys with IT professionals who are directly involved in the planning, implementation, and/or daily operations of their organization s threat intelligence program, processes, or technologies All respondent organizations currently have a threat intelligence program in place and use external threat intelligence data sources Enterprise organizations (defined as organizations with 1,000 employees or more) in North America Multiple industry verticals including financial, business services, manufacturing and retail 2

3 Value of Threat Intelligence Sharing Between Federal Agencies and Private Organizations The US government is pushing initiatives and legislation to enable threat intelligence sharing between federal agencies and private organizations. In your opinion, how valuable would this type of program be for your organization? (Percent of respondents, N=304) Not very valuable, 4% Don t know, 1% Highly valuable, 50% Somewhat valuable, 44% 3

4 Sharing of Internally-derived Threat Intelligence with Other Organizations/Industry ISACs Does your organization share internally-derived threat intelligence with other organizations and/or industry ISACs? (Percent of respondents, N=304) 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 37% Yes, my organization regularly shares internallyderived threat intelligence with other organizations and/or industry ISACs 45% Yes, my organization shares internally-derived threat intelligence with other organizations and/or industry ISACs from timeto-time but not on a regular basis 10% No, my organization does not share internallyderived threat intelligence with other organizations and/or industry ISACs today but we plan to do so within the next 12 to 24 months 5% No, my organization does not share internallyderived threat intelligence with other organizations and/or industry ISACs today but we are interested in doing so sometime in the future 2% 1% No, my organization does not share internallyderived threat intelligence with other organizations and/or industry ISACs today and we have no plans or interest in doing so in the future Don t know 4

5 Top 3 Challenges Experienced with Collecting and Analyzing External Threat Intelligence Question: Which of the following challenges has your organization experienced with regard to collecting and analyzing external threat intelligence? (Percent of respondents, N=304, multiple responses accepted) 32% of organizations have inadvertently blocked legitimate traffic as a result of a problem with their threat intelligence. 32% of organizations threat intelligence is collected and analyzed by different individuals, making it difficult to get a holistic picture of internal and external threats. 31% of organizations have threat intelligence collection and analysis workflow, process and integration problems. 5

6 Future Spending on Threat Intelligence 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% Which of the following best describes your organization s future spending on its threat intelligence program? (Percent of respondents, N=304) 27% Spending on my organization s threat intelligence program will increase significantly in the next 12 to 18 months 45% Spending on my organization s threat intelligence program will increase somewhat in the next 12 to 18 months 25% Spending on my organization s threat intelligence program will remain about the same in next 12 to 18 months 2% 1% Spending on my organization s threat intelligence program will decrease somewhat in the next 12 to 18 months Spending on my organization s threat intelligence program will decrease significantly in the next 12 to 18 months 6

7 Organization s Plans for Internal and External Threat Intelligence As part of its overall cybersecurity strategy, which of the following statements best characterizes your organization s plans for internal and external threat intelligence? (Percent of respondents, N=304) Internal threat intelligence External threat intelligence 40% 35% 30% 25% 20% 35% 24% 37% 31% 21% 19% 19% 15% 10% 5% 0% My organization plans to collect and analyze significantly more over the next 12 to 24 months My organization plans to collect and analyze somewhat more over the next 12 to 24 months My organization plans to collect and analyze about the same amount over the next 12 to 24 months as it does today 4% My organization plans to collect and analyze somewhat less over the next 12 to 24 months 6% 2% 1% My organization plans to collect and analyze significantly less over the next 12 to 24 months 1% Don t know 7

8 Top 3 Objectives of Organizations Threat Intelligence Programs Question: Which of the following would you characterize as the top three objectives of your organization s threat intelligence program? (Percent of respondents, N=304, three responses accepted) 38% seek to improve automated incident prevention. 33% seek to use threat intelligence to automate security operations and remediation activity. 28% seek to establish a central threat intelligence service to guide the cybersecurity activities of smaller units within the organization. 8

9 Importance of Threat Intelligence Standards How important are these sharing standards to your organization? (Percent of respondents, N=280) Not very important, my organization doesn t mandate the use of threat intelligence that meet the sharing standards, but we plan on doing so sometime in the future, 3% Somewhat important, my organization would like threat intelligence to meet one of the sharing standards but it s not mandatory, 46% Very important, my organization will not consume any threat intelligence unless it meets those standards, 51% 9

10 Demographics (n=304) Respondents by Threat Intelligence Purchasing Responsibility: 80% of respondents make or approve purchase decisions related to their organization s threat intelligence program; 20% influence purchase decisions for their organization s threat intelligence program. Respondents By Current Responsibility: 58% of respondents in Senior IT management role (e.g. CIO, VP of IT, Director of IT, etc.); 29% IT management; 5% Senior information security management (e.g. CISO, CSO, etc.); 4% IT staff; 4% information security management; 1% information security staff. Respondents by Total Number of Employees Worldwide: 35% between 1,000-2,499; 24% between 2,500-4,999; 13% between 5,000-9,999; 6% between 10,000-19,999; 6% between 20,000-29,999; 4% between 30,000-39,000; 10 % between 40,000-49,000; 4% with 50,000 or more. Respondents by Primary Industry: 23% financial (banking, securities, insurance); 22% manufacturing; 11% health care; 11% retail/wholesale; 8% business services (accounting, legal, consulting, etc.); 6% government (federal, national, state, province, local); 6% communications and media; 15% other. Respondents by Organization s Total Revenue ($US): 2% less than $50 million; 2% $ million; 5% $ million; 8% $ million; 17% $ million; 15% $ billion; 20% $ billion; 19% $ billion; 11% $20 billion or more; 2% not applicable (public sector, non profit, etc.) 10

11 Threat Intelligence Solution

12 Vorstack Value Delivered for Customers Vorstack provides a holistic picture of internal and external threats for enterprises Solves the #1 challenge of enterprises in their TI Program Vorstack enables sharing with or without attribution Makes it easier to support sharing based on defined policies Vorstack addresses the Automation objectives Top 2 objectives of TI Program Vorstack uses STIX /TAXII, Cybox and other standards Just what the top enterprises desire Vorstack delivers actionable threat intelligence in minutes by reducing the noise inherent in threat data and enabling secure and controlled information sharing without attribution.

13 Vorstack ACP Enterprise Threat Feeds Vorstack ACP Query Query Query Query Log Store or SIEM Query ACP Dashboard Trusted Circles