AlienVault helped sponsor this year's SANS survey and report on Cyber Threat Intelligence (CTI). This year, 94% of organizations surveyed reported that they are using CTI to some extent, and of those, 40% reported that they use the AlienVault Open Threat Exchange (OTX).
What can you learn from them? Read the full SANS report.
Here's a short excerpt and infographic from the report.
In previous SANS surveys on this subject, conducted between 2014 and 2015, many security professionals were somewhat unclear on exactly what CTI was and how best to make use of it, yet they were collecting some CTI data from disparate sources. Those who were using CTI in 2014–15 were already reaping benefits, however, with 48% of respondents stating that they were able to reduce the number of incidents through early prevention related to use of CTI.[1]
In this year’s survey, respondents indicate they are more fully implementing CTI into their protection and response programs. For example:
• Traditional network security, endpoint security, and security information and event management (SIEM) vendors are providing the majority of useful intelligence feeds to security teams
• The top use cases for CTI include blocking malicious domains or IP addresses at egress points and adding context to investigations or compromise assessments
• Most security teams using CTI are acquiring the data from industry and community sharing groups (74%) and commercial feeds from security intelligence vendors (70%)