SAN MATEO, Calif. – Sept. 20, 2016 – AlienVault®, the leading provider of Unified Security Management™ (USM) and crowdsourced threat intelligence, today released the results of a study that looks at the current state of threat intelligence. AlienVault polled 222 security professionals at Black Hat 2016 to learn how their security teams have changed over the last two years, how the security landscape has evolved over the past 12 months, and how they are incorporating threat intelligence into their malware defense strategies.
The majority of respondents (62%) stated that, over the last two years, their security teams have increased in size. While this is not overly surprising, as more and more research is showing increased investment in security, it is an encouraging sign considering the security skills shortage that has plagued the industry for years. Shedding light on one of the driving forces behind the increase in security teams, more than half of survey participants (53%) reported an increase in security incidents over the past year.
An overwhelming majority of respondents (76%) believe that the security industry has a moral responsibility to share threat intelligence. Although there is no requirement or mandate for companies to do so, many security professionals feel that if they observe an active exploit, it is their duty to share it with others. This view is a key reason why threat intelligence – which helps organizations enhance threat detection and incident response – is rapidly being recognized as a critical aspect of security for both organizations and vendors.
And organizations are backing up this belief with action. An overwhelming 95% of survey respondents use threat intelligence in some way.
Survey respondents rely on a range of threat intelligence sources, including their own detection processes (66%), trusted peers (48%), paid subscription services (44%), government agencies (38%), crowdsourced/Open Source communities (37%) and blogs/online forums (28%). These survey results are in line with years past. AlienVault asked this same question at Black Hat 2015 and RSA 2014. The results of each survey show that, year-over-year, the range of threat intelligence sources that companies rely on has consistently increased.
One of the reasons for this wide range is that threat intelligence can be additive in nature. A company can rely primarily on its own internal detection processes, but can complement this method with sources such as a government feed, or by pulling data from a crowdsourced platform, with little overlap in the data obtained. By referencing more threat intelligence sources, a company can gain a more comprehensive view of the overall threat landscape.
Security professionals stated that they share threat intelligence with trusted peers (56%), internally (47%), with government agencies (28%), publicly (18%) and with crowdsourced/Open Source platforms (15%). Compared to responses from Black Hat 2015 and InfoSec 2015, where this same question was asked, there has been a gradual increase in the number of respondents sharing threat data publicly, as well as with trusted peers.
The largest jump has been in the adoption of crowdsourced platforms for threat intelligence sharing, which increased by almost five times since last year. This trend will continue to escalate as confidence in threat sharing platforms increases and as the trusted peer groups of security professionals expands.
“The nature of the security industry has been extremely secretive, so it’s very encouraging to see that more people are utilizing different sources and are willing to more openly share threat intelligence,” said Javvad Malik, security advocate at AlienVault. “Malicious criminals innovate quickly, and the more our industry can achieve a similar level of agility through cooperation and collaboration, the more we can create a powerful collective defense against today’s advanced threats. Public threat intelligence sources, such as AlienVault’s Open Threat Exchange, enable even the smallest IT departments to leverage the collective knowledge of a global network of security experts to better identify, respond to and mitigate threats. We hope to see continued trust in these sources.”