Dive Brief:
- Businesses face a range of problems with their threat intelligence platforms, including difficulty assessing the accuracy of alerts and problems integrating the platforms with their existing tools, according to a report that Recorded Future published on Wednesday.
- The report, which assessed the state of threat intelligence in enterprises, found that 83% of companies have dedicated threat intelligence teams, a slight uptick from last year.
- Roughly half of companies (48%) pay for more than one threat intelligence service, while 41% pay for only one.
Dive Insight:
As cyber threat actors have grown more sophisticated, exploiting vulnerabilities in supply chains and gaps in identity management and access control, companies have begun relying more heavily on threat intelligence vendors to spot attacks and help defend against them. But the report from Recorded Future, a threat intelligence provider, found that many companies are unsatisfied with their vendors.
Customers’ biggest complaint (cited by 50% of surveyed companies) was the difficulty of determining the accuracy and credibility of the reports that their threat intelligence platforms generated. That frustration is a major issue, given the importance of organizations understanding and acting quickly on threat warnings. The second most-frequent complaint (cited by 48% of respondents) was poor integration with existing tools, while two other significant challenges tied for third place (46%): information overload from threat intelligence platforms, and a lack of context tailored to their specific network environments.
Interestingly, customers’ list of desired improvements didn’t perfectly match their list of complaints. According to the report, the top request — from 33% of respondents — wasn’t more reliable intelligence but faster delivery of intelligence. Meanwhile, 22% wanted better integration with existing security tools, and 21% wanted deeper context and analysis.
Despite their complaints, organizations are steadily improving their own use of threat intelligence, according to Recorded Future. Forty-nine percent of companies rated the maturity of their threat intelligence programs as advanced, compared with 45% last year, and 44% rated their programs’ maturity as intermediate, compared with 40% last year. Only 5% of companies said they were operating at a basic maturity level, a drop from 10%. One percent of respondents said they were just beginning their threat intelligence journey, down from 5% last year.
“This progression in maturity year over year suggests that organizations are increasing investments in comprehensive threat intelligence products, dedicated teams, and automated workflows,” Recorded Future said in its report, which was based on an August survey of 615 cybersecurity executives, managers and practitioners at companies with more than 1,000 employees.
Companies cited several planned improvements, including combining threat intelligence with data from their own networks to improve risk insights (36%) and integrating threat intelligence programs with other cybersecurity workflows (25%).
