Intelligent CIO Middle East Issue 30 | Page 34

EDITOR’S QUESTION IS CYBER THREAT INTELLIGENCE BECOMING INCREASINGLY IMPORTANT IN THE BATTLE AGAINST CYBERCRIME? ////////////////////////////////////////////////////////////////////////////////////////////////////////// S ANS, the largest and most trusted provider of cybersecurity training and certification to professionals worldwide, has released the results of its annual SANS 2018 Cyber Threat Intelligence Survey. intelligence into their prevention, detection and response strategies. “As the threat landscape continues to change, and with more advanced attackers than ever, security teams need all the help they can get to more effectively prevent, detect and respond to threats,” said Dave Shackleford, SANS Analyst and Senior Instructor. The study sheds light on the evolution of Cyber Threat Intelligence (CTI) in cybersecurity and shows that CTI is maturing as a discipline. CTI skill set in demand In one of the clearest trends SANS has seen in the last three years, respondents have increasingly stated that CTI is improving their prevention, detection and response capabilities. In 2018, 81% of respondents state their CTI implementations have resulted in improvements, compared to 78% in 2017 and 64% in 2016. However, finding skilled staff to operate CTI consoles is getting more difficult, despite the trends showing that CTI can play an important role in an organisation’s security strategy. In this year’s survey, 62% of respondents cite a lack of trained CTI professionals and skills as a major roadblock, an increase of nearly 10% points over 2017. In addition, the number of respondents who answered ‘unknown’ has more than halved since 2016, jumping from 34% in 2016 to 21% in 2017, and now to only 15% in 2018. This indicates that the more CTI is used and consumed, the more this skill set is in demand. It may therefore be much more difficult to find staff members who are experienced in setting up and operating CTI programmes. Similarly, 39% cite a lack of technical ability to integrate CTI tools into the organisational environment. A total of 68% of respondents say they have implemented CTI this year and another 22% plan to introduce it in the future. Only 11% of companies have no plans to do so, falling from 15% in the previous year. This indicates that CTI is becoming more useful overall, especially to security operations teams that are working hard to integrate 34 INTELLIGENTCIO Better visibility and improved security operations As a result of their CTI programme efforts, respondents report better visibility and improved security operations. For example, 71% indicate overall satisfaction with visibility into threats and indicators of compromise (IoCs). When specifying improvements, 70% of participants report improved security operations, while 66% cite improved ability to detect previously unknown threats. Responses to the 2018 survey reveal a growing emphasis on CTI being used for security operations tasks: detecting threats (79%), incident response (71%), blocking threats (70%) and threat hunting (62%). The survey responses indicate that threat intelligence is key in augmenting and improving firewall rules, network access control lists and reputation lists. Known sites and indicators associated with ransomware are then shared through threat intelligence, allowing operations teams to quickly search for existing compromise and proactively block access from internal clients. “Fortunately, many organisations are sharing details about attacks and attackers and numerous open source and commercial options exist for collecting and integrating this valuable intelligence,” added Shackleford. “All of this has resulted in improvements in organisations’ abilities to improve security operations and detect previously unknown attacks.” www.intelligentcio.com