The SANS 2020 Cyber Threat Intelligence (CTI) Survey is now available and includes responses from a record 1,006 security professionals. More organizations than ever report they have CTI programs in place – quite an evolution from a handful of years ago when CTI was conducted on an ad-hoc basis.
Now that CTI has matured into a standalone program with its own staff, tools and processes, this year the SANS survey asked specific questions about how organizations are setting up their CTI program for success and measuring effectiveness. Here are just three of the key takeaways:
1. Organizations are defining and documenting intelligence requirements up front to ensure they are focusing on the right intelligence, which now includes not only external threat feeds and vendor-provided threat intelligence but also data from internal tools and teams.
2. They use automation selectively, primarily where tasks are truly administrative and repetitious.
3. Collaboration across internal teams, as well as with service provider partners and information-sharing groups, is critical to ensure a coordinated effort. ...read more!
