SANS Report Sponsored by DomainTools Reveals Cyber Threat Intelligence (CTI) Gaining Momentum as Organizations Battle to Keep Up with Hackers
Seattle – February 8, 2018–As cyberattacks and attackers become more blatant and pervasive each year, a new SANS Institute report, in conjunction with DomainTools, shows organizations around the globe are turning towards Cyber Threat Intelligence (CTI) to detect, respond, and ultimately prevent attacks.
DomainTools, the leader in domain name and DNS-based cyber threat intelligence, co-sponsored the SANS survey and resulting report, SANS 2018 Cyber Threat Intelligence Survey. Results show adoption of CTI programs has steadily grown, with 68 percent of organizations currently creating or consuming CTI data and 22 percent having plans to do so in the future. Additionally, more respondents than ever before are finding CTI programs are helping improve overall cybersecurity posture, with the rate climbing to 81 percent this year, compared to 78 percent in 2017 and 64 percent in 2016.
According to the report, some of the most popular security operations tasks that CTI programs support include detecting threats (79%), incident response (71%), blocking threats (70%) and threat hunting (62%). Many of the survey responses indicate that the increased emphasis on CTI and threat intelligence sharing was key in allowing operations teams to quickly search for existing compromises and proactively block access from external clients.
“Despite the onslaught of new threats that have been waged this past year, the SANS survey findings reflect threat intelligence platforms and programs are improving overall prevention, detection, and response efforts,” said Tim Helming, Director of Product Management of DomainTools. “Cyber threat intelligence is such an effective and important part of security operations because it converts an organization’s general posture from a reactive to proactive mindset, which gets teams beyond the ‘if’ something will happen to ‘when something happens, we are ready for it.”
Additional key findings from the SANS and DomainTools report include:
To make cyber threat investigations by security and IT professionals faster, more insightful, and easier to administer, in 2015 DomainTools launched the Iris Investigation Platform. By combining the broadest TLD database with industry-leading passive DNS data from top-tier providers, Iris delivers reliable information quickly, creating forensic maps of criminal activity for security pros to triage threat indicators, assess risk, and ultimately prevent future attacks.
For the full SANS survey results, read the report. This year, over 300 top security and business executives from industries including technology and IT, financial services, government, and education contributed to the survey.About DomainTools
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.1081377.com or follow us on Twitter:@domaintoolsAbout SANS Institute
As the global leader in information security training, the SANS Institute provides up-to-date intelligence and informative classes to help protect organizations against cyber threats. Over 165,000 security professionals rely on SANS training to sharpen their skills. Learn more about SANS at sans.org .