Crowd-2017年威胁、监测、检测和响应报告英文-2017-47页-（46页）.pdf

1、THREAT 2017 REPORT MONITORING, DETECTION also lay traps to develop our own learnings THREAT MONITORING, DETECTION & RESPONSE REPORT25 Q: Who are the primary consumers of threat intelligence in your organization? USERS OF THREAT INTELLIGENCE Our survey investigated the uses of threat intelligence. As

2、 would be expected, the IT security team is the primary consumer (70%), with the incident response and SOC teams being significant consumers of data (43% and 38% respectively). What is interesting is the breadth of usage extending to executive management and legal. IT security team Incident response

3、 team 70% 43% Security operations center (SOC) 38% Automated threat intelligence 28% Insider threat team 23% Risk and compliance groups 21% Middle management, business owners 21% Legal department 13% Workforce in general 10% Executive leadership (Board of Directors, C-level staff) 25% THREAT MONITOR

4、ING, DETECTION & RESPONSE REPORT26 Q: Has the occurrence of security breaches changed as a result of using threat intelligence solutions? THREAT INTELLIGENCE IMPACT One of our most significant areas of investigation was to identify the benefits of the use of threat intelligence. As we found, about h

5、alf (49%) of respondents reported a reduction in breaches although to varying degrees. No Improvement Not sure Some reduction in breaches Significant reduction in breaches 17% 17% 32% 34% t and move the following slices to the top: 17% “Signifcant reduction in breaches” and 32% “Some reduction in br

6、eaches”. THREAT MONITORING, DETECTION & RESPONSE REPORT27 PRIORITIZATION OF SECURITY EVENTS In threat management, an important question is how security events are brought to the attention of the IT/security team. Here we see a significant difference between all respondents, and those that declare th