Neustar-sponsored study reveals challenges and benefits of using threat feeds
Threat data feeds can help organisations strengthen their cybersecurity posture, according to a new report from Ponemon Institute, the pre-eminent research centre dedicated to privacy, data protection and information security policy. Neustar Inc., a global information services and technology company and leader in identity resolution, sponsored the independently conducted study on the state of threat feed effectiveness in the United States and the United Kingdom.
As cyberthreats proliferate, many organisations are using threat feeds with insights from domain name system (DNS) data to help IT security teams better understand threats and block malicious activity. A large majority (79%) of the more than 1,000 security professionals participating in the Ponemon study said threat data feeds were essential to their organisation’s ability to achieve a strong cybersecurity posture, and more than half (55%) rated their threat feeds’ ability to pinpoint cyberthreats as very high.
Study participants said threat data feeds offer a number of benefits: they add unique data to better inform security (71%), increase preventive blocking to ensure a better defence (63%), reduce the mean time to detect and remediate an attack (55%), and reduce the time spent researching false positives (51%).
However, more than half (56%) of respondents also said threat feeds deliver data that is often too voluminous and/or complex to provide timely and actionable intelligence.
Neustar’s UltraThreat Feeds service addresses these issues by drawing on proprietary data derived from the company’s expansive authoritative and recursive DNS services, DDoS mitigation solutions, OneID system and IP geolocation data. This service, which processes the data and outputs the observations and key insights, has been designed by Neustar’s renowned DNS experts, as well as leading academic researchers. UltraThreat Feeds data, provided as either near real-time threat data feeds or via API calls (JSON format), enable organisations to detect potential threats and identify and stop bad traffic, both inbound and outbound.
“Facing an increase in the volume, sophistication and diversity of threats, enterprises are investing significant resources into threat intelligence solutions to bolster their cyber defences,” said Michael Kaczmarek, senior vice president at Neustar. “Solutions that deliver real-time information on active threats, like Neustar’s UltraThreat Feeds service, can quickly deliver ROI across many layers of an organisation’s defence by improving the performance of network and application security tools – such as SIEMs, TIPs, Next Gen Firewalls, IPS/IDS, WAFs, and DNS Firewalls – which require threat data to effectively detect and block malicious actors.”
Each of the organisations surveyed by Ponemon faced an average of 28 cyberattacks in the past two years. On average, respondents said 38% of these cyberattacks were not stopped because security teams lacked timely and actionable data from their data feeds. Respondents also reported that half (50%) of all attacks can be stopped using timely and actionable intelligence from their threat feeds.
“The deep, rich threat data delivered by Neustar’s UltraThreat Feeds service empowers users to identify indicators of compromise or malicious activity in near real time and act accordingly to limit or even prevent attacks,” added Kaczmarek.
The Ponemon report is based on survey responses from 1,025 IT security practitioners (70% of whom were at or above the supervisory level) in the U.S. and the U.K. whose organisations use threat data in their cybersecurity programmes or infrastructure. The most-represented industry was financial services (18% of respondents), followed by industrial and manufacturing (12%), retail (11%), public sector (11%), and health and pharmaceuticals (9%). Just over half of the participants were from organisations with a global headcount of more than 5,000 employees. The surveys were carried out in November 2020.
To access the full report, go to