Insights from SANS Institute’s 2024 CTI Survey
The cybersecurity landscape is constantly evolving, and threat intelligence teams globally are consistently challenged to protect against a vast range of risks and adapt to threats as they emerge. SANS Institute’s latest survey of 800+ CTI professionals across 22 industries sheds light on how these teams are navigating the complexities of geopolitical tensions, ever-changing ransomware attacks, and the integration of cutting-edge technologies like generative AI. In this article we’ll summarize the top eight findings from this year’s survey.
Geopolitical Impact and Regulatory Changes
Geopolitical events have a significant influence on threat intelligence teams, with global conflicts often leading to increased cyber espionage and misinformation campaigns. New regulations are also reshaping CTI requirements, prompting teams to adapt their processes to meet needs as they evolve.
Rise of Threat Hunting
For the first time, threat hunting has emerged as the top use case for CTI. This proactive approach identifies threats that may not yet be detected or addressed within an organization’s network.
Growing Role of AI
Artificial Intelligence is making an indelible mark on CTI operations, with nearly 25% of respondents already using AI in their programs and another 38% planning to incorporate it. AI can enhance threat detection, data analysis, and automation, though there are ongoing concerns about its safety and reliability.
In-House vs. External CTI Capabilities
There has been a notable increase in organizations using a mix of in-house and external threat intelligence capabilities, from 47% last year to 62% this year. The share of organizations with some degree of in-house CTI capability also rose, from 83% to 93%.
Dedicated CTI Teams
While some organizations still employ a horizontal model where CTI responsibilities are shared among different security groups, survey results show that 52% of organizations now have dedicated threat intelligence teams. That’s the highest percentage ever recorded.
Roles and Skillsets
The survey reveals a shift towards involving a broader range of roles in CTI, including security analysts and incident responders. There’s also an increase in auditor roles, which reflects the industry’s heightened focus on compliance and regulation.
CTI Processes and Tools
Intelligence requirements, collection plans, and threat models are crucial components of a threat intelligence program for effective team operations. While the use of threat intelligence platforms (TIPs) and AI tools is growing, SIEM platforms emerged as the most utilized tool for aggregating and analyzing CTI.
ZeroFox Conclusion
SANS Institute’s CTI survey underscores the dynamic nature of cybersecurity and the increasing importance of engaging threat intelligence teams to defend against threats as they evolve. We’ll be paying particular attention to shifting geopolitical landscapes and technology advancements throughout 2024. To learn more, read the full report.