Threat Intelligence Identified as Investment Priority for 2016 as Firms Fail to Capitalise on Holistic and Integrated View of Security Performance
LONDON, November 13, 2015 /PRNewswire/ --
Study finds performance, skills, and costs remain biggest hurdles to true data-driven security
SecureData, the leading provider of managed cybersecurity services, and global market research and advisory firm IDC, today unveiled the findings of a study of 300 large UK companies to gauge their understanding of Threat Intelligence and the key factors necessary to deliver on its potential.
The IDC study, Towards Threat Wisdom, found that:
- 96% of UK firms already use Threat Intelligence products and services; all of those surveyed intend to do so within the next 24 months
- Faster attack detection and response (55%), better understanding of threats and attacks (43%), and finding new or unknown threats (42%) were the main benefits identified
- Major challenges include performance and response times (75%), training and expertise (59%), and the costs of tools, maintenance and personnel (52%)
Analytics-based issues are also regarded as a significant hurdle. Correlating events (49%) and reducing false positives / negatives (36%) scored surprisingly high, while two thirds of organisations (66%) plan to invest in Big Data analytics engines, but only a quarter are ready to invest in third-party intelligence products or services.
"Threat intelligence is not simply information," states Duncan Brown, Research Director, IDC. "It is a service delivering a collated and correlated range of data feeds and sources to provide actionable advice to security operations. Getting this holistic view of security beyond IT is critical to understanding the full context of threat information, but our study suggests firms are taking a somewhat traditional view of intelligence that discounts more innovative developments."
Only a minority of those surveyed by IDC believe that Threat Intelligence includes intrusion monitoring (33%), or the sharing of information within the security community (35%). An even smaller group includes analytics either based on behaviour (6%) or correlation of security data (6%). Just 3% believe cloud-based intelligence sharing is part of Threat Intelligence.
Crucially, although many organisations collect a substantial amount of information across their IT security infrastructure, they are failing to integrate this with their Threat Intelligence platform:
- Less than 60% of respondents integrate data from their firewall or UTM devices
- Just under half (47%) of the 86% of organisations using an MDM to manage mobile devices integrate data from their system with their Threat Intelligence platform
- Only 34% of firms correlate external data such as threats or attacks on peer companies with their Threat Intelligence platform
"IDC's findings suggest Chief Information Security Officers are not considering the wider context in which their business operates, either from a physical security and application security perspective, or from a broader industry viewpoint," states Etienne Greeff, CEO, SecureData. "Nevertheless, the fact they recognise the importance of increased context and intend to invest in such insight as a priority is encouraging as it will enable them to adopt an offensive security posture - one that mitigates the ever-expanding attack surface and better protects their infrastructure, applications and valuable information assets."
Notes to Editors
Commissioned by SecureData, IDC's study was conducted between September and October 2015. IDC interviewed 300 heads of IT and security at UK-based organisations with at least 500 employees across a broad range of industries including: technology, media and telecoms; financial services; professional services; manufacturing and construction; transport, travel and leisure; and retail.
All of the firms surveyed had heard the term Threat Intelligence, but they differ on what they understand by it:
- More than three quarters (77%) regard Threat Intelligence as SIEM, and slightly less as risk-based analysis of threats and recommended remediation (73%)
- Over 60% of respondents include automated remediation of attacks (61%) and data feeds of vulnerabilities and other threats (64%) as a core element of Threat Intelligence
- The majority of firms regard Threat Intelligence as a combination of both products and services, but in some cases, are implementing Threat Intelligence exclusively as a service
Also significant is the understanding of threats facing the respondent's own organisation. This is an extremely important attribute for Threat Intelligence and it is encouraging that 43% of respondents shared this view. Interestingly, seeing attacks and threats within an organisation's context was deemed much less important (29%). This apparent contradiction may be explained by respondents being focused on direct threats to them rather than a wider and more contextual basis for threat assessment.
Although a minority of firms currently correlate all security-related data, 97% would do so if they were able. This suggests that the majority of respondents are unaware that holistic correlation is possible or affordably realistic.
A White Paper, 'Towards Threat Wisdom: combining data, context and expertise to optimise Threat Intelligence', is available to download here. As well as outlining the study's findings, the White Paper provides recommendations for companies on how to maximise the benefits of true Threat Intelligence.
About SecureData
SecureData is a leading provider of managed cybersecurity services. Using our unique Greater Intelligence (GI) platform, bespoke monitoring tools and expert security analysts, we provide customers with rich, contextualised threat information that enables them to adopt an offensive security strategy and respond rapidly to their most urgent and relevant threats. http://www.secdata.com
About IDC
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. http://www.idc.com