Companies Outsource Threat Intelligence Tasks to External Support – Report – Back End News

According to a survey commissioned by Forrester Consulting on behalf of cybersecurity solutions company Kaspersky, IT security leaders looking to boost internal threat intelligence (IT) programs would prefer to delegate five of the eight major aspects of threat intelligence. (IT) threats to external vendors rather than developing them internally.

For most respondents, faster threat detection, resolution and response are the primary benefits of using external solutions.

Threat Intelligence has become a must for incident prevention and an important area in which organizations must invest. At the same time, this new specialty remains a challenge for IT security teams because it requires constant monitoring, analysis and interpretation of large amounts of fragmented data. data in addition to regular reassessment and adjustment of appropriate skills, sources and tools.

Kaspersky detects drop in mobile malware attacks in 2021
PH ranks 4th among countries most targeted by web threats — Kaspersky

The new study, assessing threat intelligence practices among companies with mature cybersecurity functions, found that although 83% of decision makers recognize the crucial role of threat intelligence in building a resilient cybersecurity program and plan to invest in the field, IT remains a specialty challenge for all companies.

Nearly two-thirds of IT security leaders (64%) said their organization struggled to align its threat intelligence program with its risk management program, and 62% struggled to implement measurement procedures to track the effectiveness of threat intelligence.

Other major concerns include improving knowledge of the threat landscape, prioritizing information requirements from multiple stakeholders, and identifying data gaps.

To address these challenges and improve their threat intelligence program, IT security decision makers plan to implement a series of measures internally and leverage vendor offerings. Respondents believe it is more efficient to rely on external vendors for the majority of IT needs.

Benefits of Vendor Support

Six in 10 respondents, or 61%, said they would implement support for processing raw information, 60% for collecting human intelligence, and 59% for integrating data feeds with other tools of security. However, companies still prioritize developing internal capabilities to choose and aggregate data sources.

The top two benefits of using vendor support are faster threat detection, remediation, and response (56%) and improved efficiency through automated reporting processes (52%). About half of respondents also said that external solutions can reduce the number of breaches and associated costs.

“The Threat Intelligence program strengthens a company’s defense, contributing to visibility into the threat landscape by providing relevant and actionable information,” said Artem Karasev, Product Marketing Manager, Corporate Product Marketing at Kaspersky. “Making it easier to process and analyze threat information enables organizations to make timely and fully informed decisions. However, evaluating IT services and choosing from the countless options available on the market is another challenge faced by IT security teams.

Kaspersky recommends paying particular attention to the following points when evaluating external threat intelligence solutions:

  • Sources of information used by the vendor: Vendors that aggregate information from around the world can provide better visibility into real threats and effectively correlate fragmented business.
  • Ability to provide context: Contextual data helps reveal the “big picture,” further validating and supporting extended uses of the data. Relational context, such as domains associated with detected IP addresses or URLs the file was downloaded from, etc., drives incident investigation and supports better “scope” of incidents by uncovering indicators of newly acquired compromise on the network.
  • Compatibility with existing solutions: A review of vendor delivery methods and integration systems ensures seamless integration of threat intelligence into existing security operations.
  • Vendor Experience: A proven track record in threat investigation ensures the effectiveness of the solutions offered.

“Our experience in threat research suggests that, while there is virtually no single criterion that is perfectly applicable to all organizations, the guiding principle for choosing external sources of threat intelligence should be quality rather than quality. amount,” Karasev adds.

Shirlene J. Manley