ESG Threat Intelligence Research Project




Enterprise Strategy Group (ESG), "Getting to the bigger truth." ESG Threat Intelligence Research Project, May 2015. Jon Oltsik, Senior Principal Analyst

Project Overview
- 304 completed online surveys with IT professionals who are directly involved in the planning, implementation, and/or daily operations of their organization's threat intelligence program, processes, or technologies
- All respondent organizations currently have a threat intelligence program in place and use external threat intelligence data sources
- Enterprise organizations (defined as organizations with 1,000 employees or more) in North America
- Multiple industry verticals including financial, business services, manufacturing and retail

Value of Threat Intelligence Sharing Between Federal Agencies and Private Organizations
The US government is pushing initiatives and legislation to enable threat intelligence sharing between federal agencies and private organizations. In your opinion, how valuable would this type of program be for your organization? (Percent of respondents, N=304)
- Highly valuable: 50%
- Somewhat valuable: 44%
- Not very valuable: 4%
- Don't know: 1%

Sharing of Internally-derived Threat Intelligence with Other Organizations/Industry ISACs
Does your organization share internally-derived threat intelligence with other organizations and/or industry ISACs? (Percent of respondents, N=304)
- Yes, my organization regularly shares internally-derived threat intelligence with other organizations and/or industry ISACs: 37%
- Yes, my organization shares internally-derived threat intelligence with other organizations and/or industry ISACs from time to time but not on a regular basis: 45%
- No, my organization does not share internally-derived threat intelligence with other organizations and/or industry ISACs today but we plan to do so within the next 12 to 24 months: 10%
- No, my organization does not share internally-derived threat intelligence with other organizations and/or industry ISACs today but we are interested in doing so sometime in the future: 5%
- No, my organization does not share internally-derived threat intelligence with other organizations and/or industry ISACs today and we have no plans or interest in doing so in the future: 2%
- Don't know: 1%

Top 3 Challenges Experienced with Collecting and Analyzing External Threat Intelligence
Question: Which of the following challenges has your organization experienced with regard to collecting and analyzing external threat intelligence? (Percent of respondents, N=304, multiple responses accepted)
- 32% of organizations have inadvertently blocked legitimate traffic as a result of a problem with their threat intelligence.
- 32% of organizations' threat intelligence is collected and analyzed by different individuals, making it difficult to get a holistic picture of internal and external threats.
- 31% of organizations have threat intelligence collection and analysis workflow, process and integration problems.

Future Spending on Threat Intelligence
Which of the following best describes your organization's future spending on its threat intelligence program? (Percent of respondents, N=304)
- Spending on my organization's threat intelligence program will increase significantly in the next 12 to 18 months: 27%
- Spending on my organization's threat intelligence program will increase somewhat in the next 12 to 18 months: 45%
- Spending on my organization's threat intelligence program will remain about the same in the next 12 to 18 months: 25%
- Spending on my organization's threat intelligence program will decrease somewhat in the next 12 to 18 months: 2%
- Spending on my organization's threat intelligence program will decrease significantly in the next 12 to 18 months: 1%

Organization's Plans for Internal and External Threat Intelligence
As part of its overall cybersecurity strategy, which of the following statements best characterizes your organization's plans for internal and external threat intelligence? (Percent of respondents, N=304; two series: internal threat intelligence and external threat intelligence)
Response options:
- My organization plans to collect and analyze significantly more over the next 12 to 24 months
- My organization plans to collect and analyze somewhat more over the next 12 to 24 months
- My organization plans to collect and analyze about the same amount over the next 12 to 24 months as it does today
- My organization plans to collect and analyze somewhat less over the next 12 to 24 months
- My organization plans to collect and analyze significantly less over the next 12 to 24 months
- Don't know
Data labels recovered from the chart, in extraction order (the pairing of each value with its series and response option is not recoverable from the page): 35%, 24%, 37%, 31%, 21%, 19%, 19%, 4%, 6%, 2%, 1%, 1%

Top 3 Objectives of Organizations' Threat Intelligence Programs
Question: Which of the following would you characterize as the top three objectives of your organization's threat intelligence program? (Percent of respondents, N=304, three responses accepted)
- 38% seek to improve automated incident prevention.
- 33% seek to use threat intelligence to automate security operations and remediation activity.
- 28% seek to establish a central threat intelligence service to guide the cybersecurity activities of smaller units within the organization.

Importance of Threat Intelligence Standards
How important are these sharing standards to your organization? (Percent of respondents, N=280)
- Very important, my organization will not consume any threat intelligence unless it meets those standards: 51%
- Somewhat important, my organization would like threat intelligence to meet one of the sharing standards but it's not mandatory: 46%
- Not very important, my organization doesn't mandate the use of threat intelligence that meets the sharing standards, but we plan on doing so sometime in the future: 3%

Demographics (n=304)
Respondents by Threat Intelligence Purchasing Responsibility: 80% of respondents make or approve purchase decisions related to their organization's threat intelligence program; 20% influence purchase decisions for their organization's threat intelligence program.
Respondents by Current Responsibility: 58% of respondents in a senior IT management role (e.g., CIO, VP of IT, Director of IT, etc.); 29% IT management; 5% senior information security management (e.g., CISO, CSO, etc.); 4% IT staff; 4% information security management; 1% information security staff.
Respondents by Total Number of Employees Worldwide: 35% between 1,000-2,499; 24% between 2,500-4,999; 13% between 5,000-9,999; 6% between 10,000-19,999; 6% between 20,000-29,999; 4% between 30,000-39,000; 10% between 40,000-49,000; 4% with 50,000 or more.
Respondents by Primary Industry: 23% financial (banking, securities, insurance); 22% manufacturing; 11% health care; 11% retail/wholesale; 8% business services (accounting, legal, consulting, etc.); 6% government (federal, national, state, province, local); 6% communications and media; 15% other.
Respondents by Organization's Total Revenue ($US): 2% less than $50 million; 2% $50-99.9 million; 5% $100-249.999 million; 8% $250-499.999 million; 17% $500-999.999 million; 15% $1-4.999 billion; 20% $5-9.999 billion; 19% $10-19.999 billion; 11% $20 billion or more; 2% not applicable (public sector, non-profit, etc.).

Threat Intelligence Solution

Vorstack Value Delivered for Customers
- Vorstack provides a holistic picture of internal and external threats for enterprises (solves the #1 challenge of enterprises in their TI program).
- Vorstack enables sharing with or without attribution (makes it easier to support sharing based on defined policies).
- Vorstack addresses the automation objectives (the top 2 objectives of TI programs).
- Vorstack uses STIX/TAXII, CybOX and other standards (just what the top enterprises desire).
Vorstack delivers actionable threat intelligence in minutes by reducing the noise inherent in threat data and enabling secure and controlled information sharing without attribution.

Architecture diagram (component labels only): Vorstack ACP; Enterprise Threat Feeds; Log Store or SIEM (queried by the ACP); ACP Dashboard; Trusted Circles.