Toward Strategic and Proactive Threat Intelligence Programs

In 2015, ESG did an in-depth research project on cyber threat intelligence usage at enterprise organizations (i.e., more than 1,000 employees). The goal of this project was to determine how large firms were using threat intelligence, what challenges they faced, how they were addressing these challenges, and what their strategies were moving forward.

  • The research revealed that many threat intelligence programs were relatively immature – 40% of threat intelligence programs had been in place less than 2 years at that time. Cybersecurity professionals were also asked to identify the top objectives for their organization’s threat intelligence program. The top results were as follows:
Topics: Cybersecurity threat intelligence TAXII STIX cyber threat intelligence ISAC

More on operationalizing threat intelligence

Coming out of Black Hat a few weeks ago, it’s pretty frightening what’s going on with cyber-threats.  Overall malware volume is down but the number of variants has gone up precipitously. In fact, according to the Webroot threat report, about 97% of all malware variants are seen only one time. In other words, they are designed to target and attack specific organizations.

Topics: Cybersecurity threat intelligence security analytics

Operationalizing threat intelligence

In 2015, I conducted some in-depth research around enterprise organizations’ consumption, use, and sharing of threat intelligence (login required). Time and time again, I heard cybersecurity professionals proclaim that their organizations had to do a better job “operationalizing” threat intelligence. 

Topics: Cybersecurity threat intelligence

Threat intelligence gateways

According to ESG research, enterprise organizations continue to invest in all types of threat intelligence. For example, 60% of organizations have had a threat intelligence program in place for more than 2 years, 69% consume 6 or more open-source or commercial threat intelligence feeds as part of cybersecurity analytics efforts, and 72% of enterprises plan on increasing spending on their threat intelligence programs over the next 12 to 18 months.

Topics: Cybersecurity threat intelligence

Cybersecurity Industry News, 2/2016

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:

Topics: Cybersecurity threat intelligence incident response ICOPs

Blue Coat Doubles Down on CASB

The CASB market, as relatively new as it is, is experiencing an accelerated maturation process, looking at the number of acquisitions, late-stage venture funding, and the entry of established brands. And it makes perfect sense: controlling the access to SaaS apps and protecting the associated corporate data assets heading north to the cloud is a broad-based concern exacerbated by the BYOD and telecommuting aspects of mobility.

Last week's announcement of Blue Coat's acquisition of Elastica is a notable marker of the rapid evolution of this cybersecurity segment with the company clearly doubling down on the palpable cloud access and control security market opportunity by following up their July acquisition of Perspecsys to further bolster their CASB offering. Already possessing essential network-based elements in its ProxySG proxy gateway and SSL decryption products, Blue Coat has key solution components — and this acquisition warrants looking at how these pieces fit together and what this may portend for the CASB market.

Topics: Cybersecurity threat intelligence BlueCoat

Stop CISA!

I’ve been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land. 

Topics: Cybersecurity threat intelligence CISA

Challenges around Operationalizing Threat Intelligence

When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e., CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way?

Topics: Cybersecurity threat intelligence threat intelligence sharing

Enterprise Threat Intelligence Programs Are Immature

It seems like everyone is talking about threat intelligence these days: the feds are promoting public/private threat intelligence sharing across the executive and legislative branches, and the industry is buzzing about threat intelligence feeds, sharing platforms, and advanced analytics. 

Topics: Cybersecurity threat intelligence threat intelligence sharing

Anticipating RSA 2015

The annual security geek-fest known as the RSA Security Conference is just 2 weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics. 

As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites and a constant barrage of hokey themed cocktail parties.

Topics: Network Security endpoint security threat intelligence IAM SDN cloud security