Three-quarters of respondents to Vulcan Cyber’s survey on vulnerability risk management say they have dedicated threat intelligence teams, and two-thirds say they have dedicated threat intelligence budgets.
In spite of those figures, 73% said a “lack of skills” is their biggest challenge that is keeping their organization from fully leveraging investments in threat intelligence resources. Just over half (55%) said their program is not sufficient enough to stay ahead of threat actors.
Conducted by Gartner Peer Insights and Vulcan Cyber, 100 information security, vulnerability management and other executives and practitioners were surveyed for the “Threat Intelligence Adoption Rises to Reduce Vulnerability Risk” report between June 8 and July 29.
The vast majority of respondents said they rely on threat intelligence “often or very often” for vulnerability prioritizations, while 97% of organizations rated their ability to respond based on threat intelligence as average or better.
Nearly two-thirds of respondents say they use it to block bad IPs (64%) while nearly as many, 63%, integrate feeds with other security products.
Consumers of the data varied, with vulnerability management teams topping responses for organizations at 64%, followed by application security teams (62%), security operations centers (SOCs) / incident teams (59%), and security operations (55%).
Over three-quarters of respondents (78%) said they depend on commercial threat intelligence feeds, followed by tapping the community (OTX) at 64%, social media (61%), the dark web (14%) and other (1%).
"It is good that we're seeing such extensive adoption of threat intelligence feeds by so many different types of cyber teams," said Yaniv Bar-Dayan, CEO and co-founder, Vulcan Cyber. "It's even more encouraging to see the share of organizations that have dedicated teams and budgets to act upon those findings. Nonetheless, a concerted effort to scale our ability to respond with precision will be correspondingly more crucial as cloud-native environments grow more complex. Teams don't just need tools and people, they need skills and the ability to use the tools at their disposal to improve the security posture of their organizations."
Melissa Bischoping, director of endpoint security research at Tanium, said threat intelligence can be a powerful source of data to help prioritize “what do we fix first.”
“Every organization has to make strategic choices about which vulnerabilities to patch first, which solutions to modernize at what cost,” said Bischoping. “Threat intelligence is a critical piece of how you make those decisions in the context of both your unique environment and the changing pace of the cyber threat landscape.”
ThreatModeler’s CTO, John Steven, said threat modeling marries intelligence feed and insight data with depicted (“modeled”) architectures so that application and cloud security practitioners can design controls not only around business risk, but around those insights about adversarial behavior.
“It's about connecting dots: organizations will gain more from threat intelligence when they combine its data about motivation, activity, and behavior with the telemetry their defect discovery activities find throughout development and delivery. Then, as organizations threat model, they can design purpose-built detective controls to track and prevent what threat intelligence directs them to fear.”