Threat data feeds can help organizations strengthen their cybersecurity posture, according to a new report from Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy. Neustar Inc., a global information services and technology company and leader in identity resolution, sponsored the independently conducted study on the state of threat feed effectiveness in the United States and the United Kingdom.
As cyberthreats proliferate, many organizations are using threat feeds with insights from domain name system (DNS) data to help IT security teams better understand threats and block malicious activity. A large majority (79%) of the more than 1,000 security professionals participating in the Ponemon study said threat data feeds were essential to their organization’s ability to achieve a strong cybersecurity posture, and more than half (55%) rate the quality of their threat feeds’ ability to pinpoint cyberthreats as very high.
Study participants said threat data feeds offer a number of benefits: they add unique data to better inform security (71%), increase preventive blocking to ensure a better defense (63%), reduce the mean time to detect and remediate an attack (55%), and reduce the time spent researching false positives (51%).
However, more than half (56%) of respondents also said threat feeds deliver data that is often too voluminous and/or complex to provide timely and actionable intelligence.
Neustar’s UltraThreat Feeds service addresses these issues by drawing on proprietary data derived from the company’s expansive authoritative and recursive DNS services, DDoS mitigation solutions, OneID system and IP geolocation data. This service, which processes the data and outputs the observations and key insights, has been designed by Neustar’s renowned DNS experts, as well as leading academic researchers. UltraThreat Feeds data, provided as either near real-time threat data feeds or via API calls (JSON format), enable organizations to detect potential threats and identify and stop bad traffic, both inbound and outbound.
“Facing an increase in the volume, sophistication and diversity of threats, enterprises are investing significant resources into threat intelligence solutions to bolster their cyber defenses,” said Michael Kaczmarek, senior vice president at Neustar. “Solutions that deliver real-time information on active threats, like Neustar’s UltraThreat Feeds service, can quickly deliver ROI across many layers of an organization’s defense by improving the performance of network and application security tools – such as SIEMs, TIPs, Next Gen Firewalls, IPS/IDS, WAFs, and DNS Firewalls – which require threat data to effectively detect and block malicious actors.”
Each of the organizations surveyed by Ponemon faced an average of 28 cyberattacks in the past two years. On average, respondents said 38% of these cyberattacks were not stopped because security teams lacked timely and actionable data from their data feeds. Respondents also reported that half (50%) of all attacks can be stopped using timely and actionable intelligence from their threat feeds.
“The deep, rich threat data delivered by Neustar’s UltraThreat Feeds service empowers users to identify indicators of compromise or malicious activity in near real time and act accordingly to limit or even prevent attacks,” added Kaczmarek.
The Ponemon report is based on survey responses from 1,025 IT security practitioners (70% of whom were at or above the supervisory level) in the U.S. and the U.K. whose organizations use threat data in their cybersecurity programs or infrastructure. The most-represented industry was financial services (18% of respondents), followed by industrial and manufacturing (12%), retail (11%), public sector (11%), and health and pharmaceuticals (9%). Just over half of the participants were from organizations with a global headcount of more than 5,000 employees. The surveys were carried out in November 2020.
To access the full report, go to https://www.home.neustar/resources/whitepapers/state-of-threat-feed-effectiveness.
For more information about Neustar’s UltraThreat Feeds, visit https://www.home.neustar/security-intelligence/ultrathreat-feeds. To learn more about Neustar’s full suite of security solutions, visit https://www.home.neustar/security-solutions.
Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enable trusted connections between companies and people at the moments that matter most. Neustar offers industry-leading solutions in marketing, risk, communications and security that responsibly connect data on people, devices and locations, continuously corroborated through billions of transactions. Neustar serves more than 8,000 clients worldwide, including 60 of the Fortune 100. Learn how your company can benefit from the power of trusted connections here: home.neustar.