Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices


Research Report Abstract: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices

By Jon Oltsik, Senior Principal Analyst
With Bill Lundell, Senior Research Analyst and Jennifer Gahm, Senior Project Manager

June 2015

Introduction

Research Objectives

In order to assess how enterprise organizations are collecting, processing, analyzing, and operationalizing their threat intelligence programs, ESG surveyed 304 IT and information security professionals representing enterprise-class (1,000 employees or more) organizations in North America. All respondents were involved in the planning, implementation, and/or daily operations of their organization's threat intelligence program, processes, or technologies. The survey and overall research project were designed to answer the following questions about:

Threat intelligence programs
1. Do enterprise organizations have threat intelligence programs in place?
2. If so, how are they structured and funded?
3. How mature are these programs?
4. What are the primary objectives for threat intelligence programs?

Threat intelligence knowledge and opinions
1. Do security professionals have adequate threat intelligence skills?
2. If not, where are the knowledge gaps?
3. What is driving threat intelligence program strategy?
4. What are the biggest threat intelligence challenges for organizations?

The organization(s) responsible for threat intelligence programs
1. Which groups are responsible for threat intelligence programs today? Do multiple groups participate in these programs?
2. Who reviews threat intelligence and for what purposes?
3. What do organizations actually do with the threat intelligence they collect, process, and analyze?

Endpoint security technologies
1. What types of internal and external threat intelligence data are organizations collecting?
2. How do they select external threat feeds and services?
3. Is threat intelligence data integrated with other security and IT technologies?
4. Are security professionals aware of threat intelligence standards? If so, are these standards important?

Threat intelligence sharing
1. Are organizations sharing threat intelligence today? If so, is this a regular or ad-hoc occurrence?
2. Are organizations willing to share internally-derived threat intelligence with the US Government? If so, what types of programs and assurances would they want from Washington?

Survey participants represented a wide range of industries including financial services, manufacturing, business services, communications and media, and government. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Research Methodology

To gather data for this report, ESG conducted a comprehensive online survey of IT and information security professionals from private- and public-sector organizations in North America (United States and Canada) between February 27, 2015 and March 10, 2015. To qualify for this survey, respondents were required to be IT professionals directly involved in the planning, implementation, and/or daily operations of their organization's threat intelligence program, processes, or technologies. Respondent organizations also needed to be currently using external threat intelligence as part of their threat intelligence program.

After filtering out unqualified respondents, removing duplicate responses, and screening the remaining completed responses (on a number of criteria) for data integrity, we were left with a final total sample of 304 IT and information security professionals. Please see the Respondent Demographics section of this report for more information on these respondents.

Note: Totals in figures and tables throughout this report may not add up to 100% due to rounding.

Respondent Demographics

The data presented in this report is based on a survey of 304 qualified respondents. The figures below detail the demographics of the respondent base, including individual respondents' current job functions, as well as respondent organizations' total numbers of employees, primary industries, and annual revenues.

Respondents by Current Job Function

Respondents' current job function within their organizations is shown in Figure 1.

Figure 1. Survey Respondents by Current Job Function
Which of the following best describes your current responsibility within your organization? (Percent of respondents, N=304)
- Information security management: 4%
- Information security staff: 1%
- Senior information security management (e.g., CISO, CSO, etc.): 5%
- IT staff: 4%
- IT management: 29%
- Senior IT management (e.g., CIO, VP of IT, Director of IT, etc.): 58%
Source: Enterprise Strategy Group, 2015.

Respondents by Number of Employees

The number of employees in respondents' organizations is shown in Figure 2.

Figure 2. Survey Respondents by Number of Employees
How many total employees does your organization have worldwide? (Percent of respondents, N=304)
- 40,000 to 49,999: 10%
- 50,000 or more: 4%
- 30,000 to 39,999: 4%
- 1,000 to 2,499: 35%
- 20,000 to 29,999: 6%
- 10,000 to 19,999: 6%
- 5,000 to 9,999: 13%
- 2,500 to 4,999: 24%
Source: Enterprise Strategy Group, 2015.

Respondents by Industry

Respondents were asked to identify their organization's primary industry. In total, ESG received completed, qualified responses from individuals in 19 distinct vertical industries, plus an "Other" category. Respondents were then grouped into the broader categories shown in Figure 3.

Figure 3. Survey Respondents by Industry
What is your organization's primary industry? (Percent of respondents, N=304)
- Government (Federal/National, State/Province/Local): 4%
- Communications & Media: 6%
- Other: 15%
- Financial (banking, securities, insurance): 23%
- Business Services (accounting, consulting, legal, etc.): 8%
- Retail/Wholesale: 11%
- Health Care: 11%
- Manufacturing: 22%
Source: Enterprise Strategy Group, 2015.

Respondents by Annual Revenue

Respondent organizations' annual revenue is shown in Figure 4.

Figure 4. Survey Respondents by Annual Revenue
What is your organization's total annual revenue ($US)? (Percent of respondents, N=304)
Categories: Less than $50 million; $50 million to $99.999 million; $100 million to $249.999 million; $250 million to $499.999 million; $500 million to $999.999 million; $1 billion to $4.999 billion; $5 billion to $9.999 billion; $10 billion to $19.999 billion; $20 billion or more; Not applicable (e.g., public sector, non-profit)
Values: 2%, 2%, 5%, 8%, 17%, 15%, 20%, 19%, 11%, 2%
Source: Enterprise Strategy Group, 2015.

Contents

List of Figures
List of Tables
Executive Summary
  Report Conclusions
Introduction
  Research Objectives
Research Findings
  Threat Intelligence Program Overview
  Organizational Aspects of Threat Intelligence Program
  Threat Intelligence Data Sources
  Threat Intelligence Operations
  Threat Intelligence Standards
  Threat Intelligence Sharing
  Future Threat Intelligence Strategy and Planning
Conclusion
  Research Implications for Cybersecurity Professionals
  Research Implications for Information Security Vendors
  Research Implications for Governments
Research Methodology
Respondent Demographics
  Respondents by Current Job Function
  Respondents by Number of Employees
  Respondents by Industry
  Respondents by Annual Revenue

List of Figures

Figure 1. Length of Time Threat Intelligence Program Has Been in Place
Figure 2. Maturity Level of Organization's Threat Intelligence Program
Figure 3. Reasons for Establishing a Threat Intelligence Program
Figure 4. Top Objectives of Organization's Threat Intelligence Program
Figure 5. Individuals/Groups Most Responsible for Threat Intelligence Program
Figure 6. Number of Individuals that Review Threat Intelligence Daily
Figure 7. Staffing Level Dedicated to Threat Intelligence
Figure 8. How Threat Intelligence Program Is Funded
Figure 9. Respondents Rate Organization's Threat Intelligence Skills
Figure 10. Metrics to Assess the Success of Threat Intelligence Program
Figure 11. Types of Internal Data Collected and Analyzed Today
Figure 12. Types of External Data Collected and Analyzed Today
Figure 13. Number of Different External Threat Intelligence Sources Used
Figure 14. Most Important Types of External Threat Intelligence Data
Figure 15. Criteria Used to Evaluate and Choose External Commercial Threat Intelligence Feeds/Services
Figure 16. Difficulty Determining Quality and Efficacy of Threat Intelligence Feeds
Figure 17. Redundancy of Commercial Threat Intelligence Feeds
Figure 18. Use of Threat Intelligence to Automate Prevention/Remediation Activities and Security Operations
Figure 19. Challenges Experienced with Collecting and Analyzing External Threat Intelligence
Figure 20. Familiarity with Threat Intelligence Standards
Figure 21. Importance of Threat Intelligence Standards
Figure 22. Use of Threat Intelligence Standards and Open Source Tools
Figure 23. Sharing of Internally-derived Threat Intelligence with Other Organizations/Industry ISACs
Figure 24. Value of Threat Intelligence Sharing Between Federal Agencies and Private Organizations
Figure 25. Willingness to Share Threat Intelligence with US Government Agencies
Figure 26. Filtering of Internally-derived Threat Intelligence Shared with Other Organizations/Industry ISACs
Figure 27. Actions US Government Would Need to Take to Make a Public/Private Threat Intelligence Sharing Program Valuable
Figure 28. Future Spending on Threat Intelligence
Figure 29. Organizations' Plans for Internal and External Threat Intelligence
Figure 30. Actions Organizations Will Take to Support Their Threat Intelligence Programs
Figure 31. Survey Respondents by Current Job Function
Figure 32. Survey Respondents by Number of Employees
Figure 33. Survey Respondents by Industry
Figure 34. Survey Respondents by Annual Revenue

List of Tables

Table 1. Length of Time Threat Intelligence Program Has Been in Place, by Company Size
Table 2. Areas in Which Threat Intelligence Skills Are Fair or Poor, by Industry
Table 3. Difficulty Determining Quality and Efficacy of Threat Intelligence Feeds, by Industry
Table 4. Use of Threat Intelligence to Automate Prevention/Remediation Activities and Security Operations, by Industry
Table 5. Familiarity with Threat Intelligence Standards, by Company Size
Table 6. Importance of Threat Intelligence Standards, by Company Size
Table 7. Willingness to Share Threat Intelligence with US Government Agencies, by Company Size

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

20 Asylum Street Milford, MA 01757 Tel: 508.482.0188 Fax: 508.482.0128 www.esg-global.com