Survey Reveals Critical Trends in Geopolitical Impact, AI Adoption, and Threat Hunting within CTI Teams.
Dubai, United Arab Emirates: SANS Institute, a global leader in cybersecurity training, has published the 2024 Cyber Threat Intelligence (CTI) Survey, authored by renowned cybersecurity experts, SANS Certified Instructor Rebekah Brown and SANS Instructor Candidate Andreas Sfakianakis. With a dramatic rise in covert activities, cloud breaches, and AI-driven attacks, the insights from this survey are vital for CISOs, CIOs, and security professionals looking to stay ahead of adversaries. Understanding the latest trends and preparing for emerging threats can help organizations protect their digital assets and maintain trust with customers and stakeholders.
As cyber threats continue to evolve in complexity and sophistication, this year’s survey highlights pivotal insights that are essential for organizations aiming to bolster their defenses with groundbreaking insights into the evolving threat landscape, with a focus on the significant influence of geopolitical events, the burgeoning role of artificial intelligence, and the emerging dominance of threat hunting within CTI teams.
Geopolitical and Regulatory Influences:
Geopolitics and new regulations are profoundly shaping CTI team activities. “The increasing frequency and complexity of global conflicts have made it essential for CTI teams to broaden their focus beyond internal issues,” said Brown. “Our survey shows that 77.5% of respondents recognize the significant impact of geopolitics on their intelligence requirements, highlighting the need for adaptive and informed responses to external threats.” Additionally, 74% of respondents emphasize the importance of adapting to new regulations, underscoring the necessity for CTI teams to stay compliant with evolving legal landscapes.
Rise of Threat Hunting:
For the first time, threat hunting has emerged as the top use case for CTI. This proactive approach to detecting unidentified threats has seen substantial reliance on the MITRE ATT&CK framework, with over 95% of respondents utilizing it for categorizing and communicating tactics, techniques, and procedures (TTPs). “The prominence of threat hunting reflects a strategic shift in how organizations are leveraging CTI,” Sfakianakis noted. “This approach not only enhances detection capabilities but also strengthens overall security posture.”
Impact of Artificial Intelligence:
AI is making significant inroads in CTI, with nearly one-quarter of respondents already leveraging AI in their programs and another 38% planning to adopt it. “Artificial intelligence is becoming a crucial tool for CTI teams, helping analysts prioritize and process vast amounts of information through advanced scoring and summarization techniques,” said Brown. However, she also highlighted the growing concern about the adversarial use of AI, stressing the importance of preparing for AI-driven threats.
Integration via Threat Intelligence Platforms (TIPs)
The survey highlights the critical role of Threat Intelligence Platforms (TIPs) in integrating CTI into the security stack. A notable 58% of participants reported incorporating CTI into their detection and response controls through TIPs’ built-in integration capabilities. “The mature state of TIPs demonstrates their effectiveness in disseminating threat intelligence across security tools, enhancing the overall efficiency of CTI programs,” Sfakianakis explained.
CTI in Vulnerability Management:
The role of CTI in vulnerability management has seen a significant increase, with 66% of respondents now using CTI to pinpoint actively exploited vulnerabilities. This marks a rise from 54% in 2017, demonstrating CTI’s pivotal role in prioritizing patches and supporting vulnerability remediation efforts. “Our findings highlight the growing reliance on CTI for operational purposes in vulnerability management, with 83% of respondents considering it essential for identifying and addressing critical vulnerabilities,” Brown stated.
About SANS Institute:
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and OnDemand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their “human” cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.
