Cyber threat intelligence is crucial for effective defense

security log monitoring
Credit: Thinkstock

It’s impossible to defend against every possible exploit and threat vector. Businesses have to allocate limited resources to provide the best possible defense against the most probable threats. That requires threat intelligence. A new report titled Importance of Cyber Threat Intelligence to a Strong Security Posture illustrates how crucial threat intelligence is for effective security.

A Webroot blog post about the study shares the key findings from the survey:

* 40% of companies surveyed had a material security breach in the past 24 months, and 80% believe if they’d had threat intelligence at the time of the breach, they could have prevented or minimized the consequences of the attack

* Current cyber defense practices are not considered effective; only 36% of respondents rate their company’s defense as strong

* Almost half of respondents are increasing the amount of intelligence data they receive to prevent or mitigate the consequences of an attack

* 56% say intelligence becomes stale within seconds or minutes, and indicate that the more valuable features of a threat intelligence solution are the ability to implement intelligence and gauge the trustworthiness of the source in real time

* 49% use “fee-based” sources of intelligence, stating free sources are inadequate for comprehensive threat analysis, making it more difficult to prioritize threats

*In the next two years, one-third of respondents will increase their threat intelligence budget significantly

“Businesses are struggling to identify and stop new Web threats because they must assess the risk of more unknown objects than before and the rate of change across the threat landscape is faster than their traditional security technologies can keep up with,” said Patrick Kennedy, vice president of enterprise marketing at Webroot. “The study highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks.”

Here is why this report is valuable—and why threat intelligence is so crucial. Using national security as an analogy, just about anything and everything is a potential attack vector. There simply isn’t enough time, money, or manpower to defend against every imaginable scenario. Instead the government gathers threat intelligence so it can understand which threats are most credible or imminent and allocate resources accordingly to guard against those attacks.

Not all threats are created equally, and not all threats would have the same impact on an organization if successful. It’s important for companies to be aware of all potential threats, but threat intelligence goes a step further and allows those companies to dedicate security resources to strengthen defenses where necessary to strengthen the security posture against the attacks that are most likely to actually occur.

Take a look at the Webroot / Ponemon study and consider where your organization is at in terms of threat intelligence and security posture.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.