SANS Report Sponsored by DomainTools Reveals Cyber Threat Intelligence (CTI) Gaining Momentum as Organizations Battle to Keep Up with Hackers
As cyberattacks and attackers become more blatant and pervasive each year, a new SANS Institute report, in conjunction with DomainTools, shows organizations around the globe are turning towards Cyber Threat Intelligence (CTI) to detect, respond, and ultimately prevent attacks.
DomainTools, the leader in domain name and DNS-based cyber threat intelligence, co-sponsored the SANS survey and resulting report, SANS 2018 Cyber Threat Intelligence Survey. Results show adoption of CTI programs has steadily grown, with 68 percent of organizations currently creating or consuming CTI data and 22 percent having plans to do so in the future. Additionally, more respondents than ever before are finding CTI programs are helping improve overall cybersecurity posture, with the rate climbing to 81 percent this year, compared to 78 percent in 2017 and 64 percent in 2016.
According to the report, some of the most popular security operations tasks that CTI programs support include detecting threats (79%), incident response (71%), blocking threats (70%) and threat hunting (62%). Many of the survey responses indicate that the increased emphasis on CTI and threat intelligence sharing was key in allowing operations teams to quickly search for existing compromises and proactively block access from external clients.
“Despite the onslaught of new threats that have been waged this past year, the SANS survey findings reflect threat intelligence platforms and programs are improving overall prevention, detection, and response efforts,” said Tim Helming, Director of Product Management of DomainTools. “Cyber threat intelligence is such an effective and important part of security operations because it converts an organization’s general posture from a reactive to proactive mindset, which gets teams beyond the ‘if’ something will happen to ‘when something happens, we are ready for it.’”
Additional key findings from the SANS and DomainTools report include:
- Some threat intelligence is more useful than others, with detailed malware indicators (81%) and information on the vulnerabilities that are targeted by attackers (79%) seen as the top two.
- The largest improvements in the CTI ecosystem from last year were in improving security operations (increased from 63% to 70%), preventing damage to business systems or data (increased from 36% to 45%), reducing time to identify and respond to incidents (increased from 50% to 59%), and revealing vulnerabilities to implement new controls (increased from 48% to 59%).
- The prevalence of dedicated threat intelligence platforms is also on the rise, up from 41 percent in 2017 to 57 percent in 2018; This year, 48 percent connected to CTI programs via API.
To make cyber threat investigations by security and IT professionals faster, more insightful, and easier to administer, in 2015 DomainTools launched the Iris Investigation Platform. By combining the broadest TLD database with industry-leading passive DNS data from top-tier providers, Iris delivers reliable information quickly, creating forensic maps of criminal activity for security pros to triage threat indicators, assess risk, and ultimately prevent future attacks.
For the full SANS survey results, read the report. This year, over 300 top security and business executives from industries including technology and IT, financial services, government, and education contributed to the survey.