Challenges and benefits of using threat data feeds
Threat data feeds can help organizations strengthen their cybersecurity posture, according to a report from the Ponemon Institute.
As cyberthreats proliferate, many organizations are using threat feeds with insights from domain name system (DNS) data to help IT security teams better understand threats and block malicious activity.
79% of the more than 1,000 security professionals participating in the study said threat data feeds were essential to their organization’s ability to achieve a strong cybersecurity posture, and 55% rate the quality of their threat feeds’ ability to pinpoint cyberthreats as very high.
The benefits of threat data feeds
Study participants said threat data feeds offer a number of benefits: they add unique data to better inform security (71%), increase preventive blocking to ensure a better defence (63%), reduce the mean time to detect and remediate an attack (55%), and reduce the time spent researching false positives (51%).
However, 56% of respondents also said threat feeds deliver data that is often too voluminous and/or complex to provide timely and actionable intelligence.
“Facing an increase in the volume, sophistication and diversity of threats, enterprises are investing significant resources into threat intelligence solutions to bolster their cyber defences,” said Michael Kaczmarek, Sr VP at Neustar.
Attacks can be stopped using timely and actionable intelligence
Each of the organizations surveyed faced an average of 28 cyberattacks in the past two years. On average, respondents said 38% of these cyberattacks were not stopped because security teams lacked timely and actionable data from their data feeds. Respondents also reported that 50% of all attacks can be stopped using timely and actionable intelligence from their threat feeds.
The report is based on survey responses from 1,025 IT security practitioners (70% of whom were at or above the supervisory level) in the U.S. and the U.K. whose organizations use threat data in their cybersecurity programmes or infrastructure.
The most-represented industry was financial services (18% of respondents), followed by industrial and manufacturing (12%), retail (11%), public sector (11%), and health and pharmaceuticals (9%). Just over half of the participants were from organizations with a global headcount of more than 5,000 employees.