IT security managers rely on external support for most aspects of threat intelligence: study

IT security managers looking to boost internal threat intelligence (TI) programs would prefer to delegate five of the eight major TI aspects to external vendors rather than develop them in-house. For most respondents, faster threat detection, resolution and response are the primary benefits of using external solutions.

According to a survey commissioned by Forrester Consulting on behalf of Kaspersky, TI has become a must for incident prevention and an important area in which organizations must invest. At the same time, this new specialty remains a challenge for IT security teams, as it requires constant monitoring, analysis and interpretation of large amounts of fragmented data, in addition to regular reassessment and adjustment of skills, appropriate sources and tools.

The new study, which assessed threat intelligence practices among companies with mature cybersecurity functions, found that although 83% of decision makers recognize the crucial role of threat intelligence in building a resilient cybersecurity program and plan to invest in the field, TI remains a challenging specialty for all companies.

Nearly two-thirds of IT security leaders (64%) said their organization struggled to align its threat intelligence program with its risk management program, and 62% struggled to implement measurement procedures to track the effectiveness of threat intelligence.

Other major concerns include improving knowledge of the threat landscape, prioritizing information requirements from multiple stakeholders, and identifying data gaps.

Measures taken to address TI challenges

To address these challenges and improve their threat intelligence program, IT security decision makers plan to implement a series of measures internally and leverage vendor offerings.

Respondents believe it is more efficient to rely on external vendors for the majority of TI needs. Six in ten (61%) would implement support for processing raw information, 60% for gathering human intelligence, and 59% for integrating data feeds with other security tools. However, companies still prioritize developing internal capabilities to choose and aggregate data sources.

The top two benefits of using vendor support are faster threat detection, remediation, and response (56%) and improved efficiency through automated reporting processes (52%). About half of respondents also said that external solutions can reduce the number of breaches and associated costs.

Artem Karasev, Product Marketing Lead, Corporate Product Marketing at Kaspersky, said: “The Threat Intelligence program strengthens a company’s defense, contributing to its visibility by providing relevant and applicable information. Facilitating the processing and analysis of threat intelligence enables organizations to make timely and informed decisions. However, evaluating TI services and choosing from the countless options available on the market is another challenge faced by IT security teams.”

Karasev said the company’s experience with threat research suggests that, while there are virtually no criteria that are perfectly applicable to all organizations, the guiding principle for choosing external threat intelligence sources should be quality rather than quantity.

Kaspersky recommends paying particular attention to the following points when evaluating external threat intelligence solutions:

Sources of information used by the vendor: Providers that aggregate information from around the world can provide more visibility into real threats and effectively correlate fragmented activity.

Ability to provide context: Contextual data helps reveal the “big picture,” further validating and supporting extended uses of data. Relational context, such as the domains associated with detected IP addresses or the URLs a file was downloaded from, drives incident investigation and supports better incident scoping by uncovering newly acquired indicators of compromise on the network.

Compatibility with existing solutions: A review of vendor delivery methods and integration systems ensures seamless integration of threat intelligence into existing security operations.

Vendor’s experience: A proven track record in threat investigation ensures the effectiveness of the solutions offered.

Saying that the results of the study were not at all surprising, Dipesh Kaura, Managing Director of Kaspersky South Asia, said: “Given the nature of the work, TI is a highly dynamic and highly specialized field in which, with better access to information about what is happening in the world, your security systems can be stronger. For this, it is better to rely on experts.”

Posted: Tuesday, March 15, 2022, 6:05 PM IST

Shirlene J. Manley