According to ESG Research, 65% of organizations use external threat intelligence (i.e,. open source or commercial threat information) as part of their overall security analytics activities. This is yet another factor driving the intersection of big data and security analytics.
Of those enterprises that consume commercial threat intelligence, 29% say that it is “highly effective” in helping their organization address risk while another 66% say that commercial intelligence is “somewhat effective” in helping their organization address risk.
So how do some of the organizations use commercial threat intelligence so that it is “highly effective” in helping them reduce IT risk? ESG did some further data analysis to find out. It turns out that in these enterprises:
- Security intelligence is used to support other security objectives. Rather than use security intelligence as secondary data sources, “highly effective” organizations tended to have specific use cases and metrics for security intelligence. For example, many included security intelligence in formal risk management programs in order to fine-tune security controls, launch impromptu vulnerability scans, or lock down systems.
- Security intelligence feeds are integrated into SIEM and GRC tools. “Highly effective” push data feeds directly into their security management and analytics technologies in order to correlate external threat intelligence with internal status and activities. Interestingly, these firms are also replacing security point tools with centralized enterprise-class security management systems. Clearly these “highly effective” organizations are also on the leading edge of big data security analytics.
- Highly effective organizations share security intelligence across the organizations. These enterprises seem to get their money’s worth as they make sure that security, risk, compliance, privacy, IT, and executive managers have access to customized views of security intelligence that can help them with their individual tasks and responsibilities.
- Highly effective organizations supplement security intelligence with external expertise. Risk management and incident detection/response are difficult activities requiring resources and expertise. Given the current security skills shortage, “highly effective” enterprises are most likely to turn to professional and/or managed service providers for help in these areas.
Leading security vendors like IBM, McAfee, RSA, Sourcefire, and Symantec provided out-of-the-box security intelligence in their latest security management technologies. There are numerous industry Information Sharing and Analysis Centers (ISACs) for exchanging security data. The U.S. Federal government wants to increase public/private partnerships for security data sharing. All of these efforts are intended to make new sources of security data “highly effective” resources for risk management and incident detection/response. Following the 4 steps described above could really help industry consortiums and individual organizations achieve these goals.
Read our complete ESG Research Brief, Security Intelligence a Key Component of Big Data Security Analytics, for more findings from ESG’s research about security intelligence.