Weighing the value of IT threat intelligence reports

Dec. 28, 2012
Despite their widespread use, execs say they don’t contain enough actionable information

Used by CSOs and CISOs to examine the threat landscape as it pertains to cybersecurity, threat intelligence reports can be a valuable tool when it comes to determining where resources are needed the most. In fact, according to a recent survey conducted by Solutionary, an Omaha, Neb.-based provider of managed security services, 83 percent of those polled said that they used threat intelligence reports to help shape their organization’s cybersecurity strategy. In addition, 80 percent of respondents said that they use these reports to justify resources and budget requests.

Despite the weight they’re given, many security executives say these reports are lacking when it comes to the depth of information they contain. According to the survey, 22 percent of respondents believed that threat intelligence reports were weak on "actionable intelligence" and "defense recommendations." Of course, these results raise the question: if some threat intelligence reports lack actionable information, then why are they used by a majority of security managers to justify their resources?

The answer, according to Jon-Louis Heimerl, director of strategic security for Solutionary, is that information security professionals are clearly "hungry" for the information that these reports contain, and even though the reports may lack actionable intelligence, they have to use the information they receive. While there are a variety of companies that produce threat intelligence reports on an annual basis, Heimerl says a major flaw in a majority of them is that they only present a "historic view" of security, rather than provide organizations with a road map for how they can combat present and future threats.

"To get a report that says, 'yeah, we watched our clients last year and we saw 2,300 versions of this virus and we saw this attack 17,000 times,' what you get is a snapshot of the back year of history on what they saw. It’s valuable in the context that it lets a company see what’s been going on in the real world... so I can make an educated guess on things I’ve seen in the past to improve my security and focus around these same areas," says Heimerl. "Our impression of (most threat intelligence) reports are that very few of them you see give much information about context or actionable information or what we have to worry about moving forward."

To address this, Heimerl says that reports should be transformed into a "consumable document" rather than a "history textbook."

And though it may not be preferable, Heimerl says that security managers have to keep using the information they have, even though it may not paint a complete threat picture. Solutionary is currently working on a threat intelligence report that will provide both tactical and strategic information to help organizations more effectively protect their IT assets.

Heimerl says Solutionary is also working to address the culture gap between IT managers and executives by writing reports that speak to both audiences, providing technical details as well as an overview of the threats.

"All too often, that down flow and up flow of information don't match," says Heimerl. "The more we can get (IT managers and senior executives) talking the same language, the better off anybody using that information is going to be."

The threats that organizations face from hackers are innumerable, and you don’t have to look very far to see the devastation that they can cause. Data breaches suffered by companies across a wide variety of industries in recent years have caused millions of dollars in damages and also sullied what were once stellar reputations. And while it’s impossible to stop every network intrusion that may occur, IT security firms need to step up to the plate and start providing information that organizations can act upon.