IS CYBERTHREAT INTELLIGENCE
( CTI ) BECOMING INCREASINGLY
IMPORTANT IN THE BATTLE AGAINST
CYBERCRIME ?
Report reveals that 62 % of people say lack of skilled cyberthreat intelligence ( CTI ) professionals is a major roadblock to implantation .
ANS , the largest
S and most trusted provider of cybersecurity training and certification to professionals worldwide , has released the results of its annual SANS 2018 Cyber Threat Intelligence survey . The study sheds light on the evolution of cyberthreat intelligence ( CTI ) in cybersecurity and shows that CTI is maturing as a discipline . In one of the clearest trends SANS has seen in the last three years , respondents have increasingly stated that CTI is improving their prevention , detection and response capabilities . In 2018 , 81 % of respondents state their cyberthreat intelligence implementations have resulted in improvements , compared to 78 % in 2017 and 64 % in 2016 . In addition , the number of respondents who answered ‘ unknown ’ has more than halved since 2016 , jumping from 34 % in 2016 to 21 % in 2017 , and now to only 15 % in 2018 . A total of 68 % of respondents say they have implemented CTI this year and another 22 % plan to introduce it in the future . Only 11 % of companies have no plans to do so , falling from 15 % in the previous year . This indicates that CTI is becoming
?
more useful overall , especially to security operations teams that are working hard to integrate intelligence into their prevention , detection and response strategies .
CTI skill set in demand
However , finding skilled staff to operate CTI consoles is getting more difficult , despite the trends showing that CTI can play an important role in an organisation ’ s security strategy . In this year ’ s survey , 62 % of respondents cite a lack of trained CTI professionals and skills as a major roadblock , an increase of nearly 10 % points over 2017 . This indicates that the more CTI is used and consumed , the more this skill set is in editor ’ s question
demand . It may therefore be much more difficult to find staff members who are experienced in setting up and operating CTI programs . Similarly , 39 % cite a lack of technical ability to integrate CTI tools into the organisational environment .
Better visibility and improved security operations
As a result of their CTI programme efforts , respondents report better visibility and improved security operations . For example , 71 % indicate overall satisfaction with visibility into threats and indicators of compromise ( IoCs ). When specifying improvements , 70 % of participants report improved security operations , while 66 % cite improved ability to detect previously unknown threats . Responses to the 2018 survey reveal a growing emphasis on CTI being used for security operations tasks : detecting threats ( 79 %), incident response ( 71 %), blocking threats ( 70 %) and threat hunting ( 62 %). The survey responses indicate that threat intelligence is key in augmenting and improving firewall rules , network access control lists and reputation lists . Known sites and indicators associated with ransomware are then shared through threat intelligence , allowing operations teams to quickly search for existing compromise and proactively block access from internal clients . www . intelligentciso . com | Issue 02
27