Conducted by global market intelligence and advisory firm IDC, the Towards Threat Wisdom study revealed that 55% of large firms are outsourcing a variety of security-related functions such as incident response, vulnerability scanning, and patch management. However, Threat Intelligence remains dominated by in-house approaches, with 58% of firms buying Threat Intelligence products they manage themselves.
Almost all of the firms participating in the study accept that Threat Intelligence should be a combination of products and services or a pure managed service. However, of the 45% of respondents whose organisation does not use managed security services, two-thirds claimed they have all the necessary resources internally despite the biggest challenges to using Threat Intelligence being identified as performance and response times; the cost of tools, maintenance and personnel; and training and expertise.
“While organisations may argue that they have all the in-house expertise and resources they need, this clearly isn’t the case with Threat Intelligence,” states Etienne Greeff, CEO at SecureData. “The range of data feeds both within an organisation and externally can be vast, with security operations often being overwhelmed with data from events and alerts. Digesting threat information can also be a slow and painful process, while most organisations lack contextual awareness. An organisation must join the dots in a vast sea of data to find relevant evidence of an imminent, or already successful attack.”
The resistance to consuming Threat Intelligence as a service runs in stark contrast to the growing confidence organisations place in managed security. Of those firms participating in the IDC study and already using managed security services or outsourcing some part of their security operations, a third said that they did so to improve visibility, monitoring and control of security, while a fifth wanted to achieve better or earlier threat detection. Just 4% turn to third-party providers to lower costs.
“Harnessing the power of Threat Intelligence isn’t easy,” adds Marty Legg, Cloud Services Director at SecureData. “Enormous investments in specialist people, processes and technologies are required – with no guarantee of success. Organisations should not try to go it alone. If you’re making a Threat Intelligence investment, it should be in a provider that offers an extensive cloud-based service that’s managed on your behalf, and which you can consume on a pay-as-you-grow basis.”