C2 Fall 2022

The Struggle with Threat Intelligence

by Kevin Swan, October 16, 2022

Driven by a vast majority of security professionals who consider cyber threat intelligence a valuable resource in finding and dealing with security threats, the adoption of threat intelligence services and capabilities continues to take off. Yet, security analysts continue to slowly adopt the technology needed to make better use of threat data. In fact, “taking advantage of cyber threat intelligence” represented one of the top security challenges for nearly 30% of respondents according to the 2021 State of Security Operations Report published by CyberRes.

Source: 2021 State of Security Operations Report

Threat Intelligence Today

Almost every security professional considers threat intelligence to be valuable. A recent report by Dark Reading found that 94% of respondents (44% strongly agree and 50% somewhat agree) considered that threat intelligence services and feeds “will help their company get ready for and repulse malware attacks.” No respondent strongly disagreed with the statement.

Beyond those general sentiments, however, companies continue to have extremely varied approaches. The largest share of firms (40%) review their cyber threat intelligence needs on only an ad-hoc basis, while 16% conduct such reviews yearly, and 25% conduct reviews at least monthly, according to the SANS 2022 Cyber Threat Intelligence Survey.

Cyber threat intelligence platforms are not yet among the top 3 tools used by cyber threat intelligence (CTI) teams, according to the CyberRes report. Less than 60% of firms have a threat intelligence platform in place, behind other tools such as security information and event management (SIEM), security log management, and security orchestration, automation, and response (SOAR).

In fact, security analysts seem wary of threat intelligence platforms.
Most still use spreadsheets and e-mail as their main tools for processing and managing threat data, according to the SANS report. “[R]espondents reported emailed documents as the most common way they disseminate CTI, followed by reports,” the report stated. “Both of these indicate a narrative form of threat intelligence dissemination rather than just technical pieces of information such as IP addresses and domains.” More than half of practitioners used a homegrown approach to CTI analysis and reporting.

A Starting Point

CyberRes Galaxy was created to be used as a starting point for companies who want relevant and customized threat intelligence. Security professionals always have more work to do than time and resources allow, and Galaxy offers the tools to help. With Galaxy Online, users can see threats that have significance to the region or industry they are part of, so they can implement their protections accordingly. With CyberRes Galaxy Threat Acceleration Program Plus (GTAP+), ArcSight users can stop breaches before they occur by implementing a threat intelligence feed that’s always on, and always up to date.

Conclusion

Overall, the landscape of threat intelligence is wide open, allowing companies with the expertise to develop their own in-house fusion of data and tools, but also allowing less mature firms to subscribe to threat-intelligence brokering services. Even though the adoption of threat intelligence feeds has increased over the years, implementing threat intelligence remains a struggle. Security managers need to assess their current resources to make sure they’re extracting the full value of their intelligence, without putting undue stress on an overworked security team.

Connect with us

Join our Community. Have technical questions about Security Operations? Visit the ArcSight User Discussion Forum. Keep up with the latest Tips & Info about Security Operations. Do you have an Idea or Product Enhancement Request about ArcSight?
Submit it in the Idea Exchange.

Kevin Swan is a Product Marketing Manager for CyberRes, a Micro Focus line of business. He enjoys gathering and analyzing consumer insights to guide innovation in products and product messaging. With experience in IT sales and a focus on security analytics, he currently manages marketing efforts for CyberRes’ threat intelligence and security operations solutions.