Cyber Threat Intelligence Uses, Successes and Failures: The SANS 2017 CTI Survey


Cyber Threat Intelligence Uses, Successes and Failures: The SANS 2017 CTI Survey


Cyber threat intelligence (CTI) shows promise in making these types of threats easier to detect and respond to, according to our recently conducted survey on cyber threat intelligence. In this, our third survey on CTI, 60% of organizations overall are using CTI, while another 25% plan to. As we might expect, small organizations with fewer than 2,000 employees are less likely to plan to use CTI. Of those using CTI, 78% felt that it had improved their security and response capabilities, up from 64% in our 2016 CTI survey


CTI adopters are also facing challenges. In this survey, their biggest challenges to the effective implementation of CTI are a lack of trained staff, lack of funding, lack of time to implement
new processes, and lack of technical capability to integrate CTI, as well as limited management support. Those challenges indicate a need for more training, as well as easier, more intuitive tools and processes to support the ever-growing use of CTI in today’s networks.


Real-Life Examples of CTI Usage

When we asked organizations to give specific examples of CTI use in the environment, more than 100 respondents wrote thoughtful answers that fell into these categories:
• Proactively stopping malware, ransomware and advanced threats
• Improving detection capabilities
• Threat modeling
• Prioritizing security and response
• Detecting phishing emails, desktop-related targeting and end user application compromise
• Reusing data for security staff awareness


Key CTI Elements

Relevance of threat data and information
Cleanliness and quality of data
Timeliness of threat data and intelligence
Visibility into threats and IOCs
Reports (strategic and operational level)
Comprehensiveness of coverage
Searching and reporting
Automation and integration of threat intelligence with detection and response systems
Integrated data feeds
Location-based visibility
Identification and removal of expired IOCs and other old data
Machine learning/Analytics


Source: SANS


Tags: CyberSecurity,Industrial Control Systems,Threat Intelligence Data,Threat Intelligence Information,Threat Intelligence Platforms,