Federal Security Leaders Have Spoken: Threat Intelligence Is Critical
November 23, 2021 • Jake Munroe
It’s safe to say that over the last year, priorities and initiatives have been shifting for security teams across the Federal Government. When we talk to our government customers about their threat intelligence programs and the drivers and roadblocks to advancing them, we hear about the changes those programs need to account for. Given the amount of recent change, we wanted an unbiased outside view of the current state of threat intelligence programs across the public sector. To get to the bottom of this, we partnered with MeriTalk on a survey that asked 150 federal cybersecurity leaders about their threat intelligence programs. The results were very interesting and appeared to be a good mix of things we have been hearing for years combined with new data points that honestly surprised us.
Here are the top 5 lessons we learned from the survey on the drivers and roadblocks to advancing threat intelligence for the Federal Government.
- Threat intelligence is and will continue to be a main focus area: so much so that 84% of federal cybersecurity leaders say that improving their ability to identify, integrate, and analyze threat intelligence is one of their top technology priorities over the next 3 years. That’s right…not just a top security priority but a top technology priority! What also stands out as a positive is that their priority is not just to get more threat intelligence, invest more, or buy more tools; it’s an all-encompassing approach of finding the best intelligence sources, integrating them directly into analyst workflows, and enabling analysts to conduct deep analysis. This shows the value of ingraining threat intelligence throughout federal security teams and making it actionable for them, rather than collecting more data for its own sake, which is what we have seen in the past.
- Security silos are slowing down progress but present an opportunity to accelerate: 83% of respondents agreed that streamlining siloed security efforts will be one of their top challenges over that same three-year time period. In the Federal Government, information silos are one of the biggest issues not just in security but across all teams and organizations. With that said, it makes sense that this is one of the primary concerns of the survey respondents.
Threat intelligence is a data source and capability that crosses teams, from cybersecurity to intelligence analysis to supply chain and more. Currently, the vast majority of the same intelligence should be used and shared across all of the teams that need it, but because of the silos, the hardest part is finding who needs it, how to share it, and how cross-functional teams can take action together. Having all of the teams on the same intelligence platform, with the ability to quickly and easily share intelligence, is a start, but breaking down the communication and process silos will be the harder issue to tackle for an efficient way forward.
- Confidence in detecting and reporting threats is lacking: only 42% of respondents were confident in their agency’s ability to detect and report malicious incidents in real time. This statistic is pretty alarming but unfortunately very realistic. In today’s world, with all of the alerts, tools, teams, and rapidly changing priorities, it’s very hard for organizations to keep up with all of the threats, let alone take action and report their findings. Taking an intelligence-led approach doesn’t solve this completely, but it helps cut down the noise so analysts can be hyper-focused on the threats that are actually impacting their organization. From there, they can understand what to act on first, how to act on it, and how to report it up the chain so that key stakeholders are informed. Without focused and real-time intelligence, it’s more of a guessing game that gives the adversary the upper hand, as alerts are often overlooked or are “stuck” in a queue behind others without ever being triaged.
- The top roadblocks aren’t surprising, unfortunately: manual and resource-intensive processes, difficulty managing multiple dashboards, and slow and reactionary responses rounded out the top three blockers of advancing federal threat intelligence programs. Based on the current state, these roadblocks make sense. The good news is that these appear to be more tactical in nature, which means that with strategic changes to intelligence programs these roadblocks should also subside. For instance, focusing on the strategic priority above, to identify, integrate, and analyze intelligence across the entire organization, will minimize the current manual processes, aggregate all data into a single dashboard (or fewer than analysts have today), and enable analysts to take a proactive and efficient approach to acting on threats.
- The benefits will pay dividends: the top three benefits of advancing threat intelligence programs that the federal cybersecurity leaders highlighted were faster threat detection, improved security workflow efficiency, and better-informed decision making. These benefits speak for themselves – they give organizations the ability to detect, respond to, and report on threats faster, be more efficient in doing so, and be more informed across the entire organization, from the new security analyst to the senior-most decision maker. With those benefits, to all of us at Recorded Future it seems like a no-brainer to employ an intelligence-led approach going forward!
To understand the full scope of drivers and roadblocks the Federal Government is dealing with in order to advance their threat intelligence capabilities and programs, be sure to download the full survey here.