SANS Cyber Threat Intelligence Survey
Why Cyber Threat Intelligence is Important
Cyber Threat Intelligence (CTI) is analyzed information about the capabilities, opportunities, and intent of adversaries conducting cyber operations. Adversaries tend to operate in and across digital networks and equipment that shape and impact businesses, critical infrastructure, and our daily lives. Understanding how threats are targeting information, systems, people, and organizations helps organizations and individuals alike understand how to perform threat hunting and security operations, respond to incidents, design better systems, understand risk and impact, make strategic changes, and protect themselves from future harm.
Even with the difficulties that 2020 brought, CTI work has continued to grow and mature—a record number of organizations report that they have clearly communicated intelligence requirements as well as methods and processes in place to measure the effectiveness of CTI programs. These improvements continue to show the resilience of the field and the value of CTI as a resource for clarity and prioritization when complex challenges arise.
This survey also includes information surrounding:
- The value of CTI
- The reversal of recent CTI trends
- How organizations and CTI analysts are adapting to remote work
- Improvements regarding automated tools and processes
- How the CTI field is growing and next steps for the community