A third of security professionals are unprepared for dealing with cyber threats
One in three security professionals lack effective intelligence to detect and action cyber threats, according to a new survey from threat intelligence platform Anomali.
In addition 24 percent believe they are at least one year behind the average threat actor, with half of this sample admitting they are trailing by two to five years.
Among other findings are that 17 percent of respondents haven't invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behavior Analytics (UEBA). Two-thirds of respondents maintain fewer than 200 days of log data online for analysis and forensics, despite hackers often lurking undetected for this length of time.
"The '200 day problem' arises from the fact that logs are produced in such massive quantities that typically only 30 days are retained and running searches over long time ranges can take hours or even days to complete," says Jamie Stone, vice president, EMEA at Anomali. "Detecting a compromise at the earliest stage possible can identify suspicious or malicious traffic before it penetrates the network or causes harm. It’s imperative to invest in technologies security teams can use to centralize and automate threat detection, not just daily but against historical data as well."
The study shows that 80 percent of security professionals don't consult historical logs on a daily basis to investigate past exposure to threats. Plus only 13 percent compare historical logs with threat feeds or indicators of compromise daily.
"Organizations must wake up to the daily reality of cyber-attacks and start viewing security as a business enabler that can support and add value to the business as it transforms and innovates," adds Stone. "It's all too common that IT purchase decisions are driven solely by budget rather than need. Implementing the bare minimum is not an option, bolstering cyber security postures must be prioritized. Solutions such as a threat intelligence platform will enable organizations to proactively detect and respond to the modern cyber adversary."
You can find out more about the importance of threat intelligence on the Anomali blog.