Enterprise organizations will increase spending, investing in areas like threat intelligence distribution, digital risk management, and security technology integration.

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies.

Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise organizations bolster CTI program investment. Sixty-three percent of enterprises plan to increase CTI program spending “significantly” over the next 12 to 18 months, while another 34% plan to increase CTI program spending “somewhat.”

Why all this spending? Because CTI can deliver technology and business benefits. The research reveals some of the biggest influences on CTI programs include the need to learn about threats to companies earmarked for M&A, the threat of individual hackers or cyber-adversary groups planning targeted attacks, and the need to learn about adversary tactics, techniques, and procedures (TTPs) so organizations can reinforce their security defenses.

Why CISOs will spend more on threat intelligence

CISOs clearly believe that further investments in threat intelligence programs can mitigate cyber-risks while improving threat prevention and detection. Over the next 12 to 24 months:

Thirty percent of organizations will prioritize sharing threat intelligence reports more readily with internal groups. This is a step in the right direction as threat intelligence has value beyond the security operations center (SOC) for alert enrichment. CISOs can use CTI to prioritize investments and validate security controls, while business managers can balance digital transformation initiatives with more thorough risk management decisions. CTI dissemination and consumer feedback are key phases of a mature threat intelligence lifecycle.

Twenty-seven percent of organizations will prioritize investing in digital risk protection (DRP) services. As organizations expand their digital footprints, they need a better understanding of the accompanying risks. DRP services provide this visibility by monitoring things like online data leakage, brand reputation, attack surface vulnerabilities, and deep/dark web chatter around attack planning.

Twenty-seven percent of organizations will prioritize integration with other security technologies. Beyond endpoints, email, and network perimeters, CISOs want CTI integration with cloud security tools, security information and event management (SIEM) and extended detection and response (XDR) solutions, and security service edge (SSE) tools like secure web gateways and cloud access security brokers (CASBs). More integration equates to blocking more indicators of compromise (IoCs) and developing a more comprehensive threat-informed defense.

Twenty-seven percent of organizations will prioritize acquiring a threat intelligence platform (TIP) for threat intelligence collection, processing, analysis, and sharing. Once the exclusive domain of the largest enterprises, TIPs are slowly moving down market. I anticipate a lot of this spending will end up with service providers like Flashpoint, Mandiant, Rapid7 (Intsights), Recorded Future, Reliaquest (Digital Shadows), SOCRadar, and ZeroFox. The big brands like Cisco, CrowdStrike, IBM, Microsoft, and Palo Alto Networks will also get a fair slice of the pie.

Twenty-six percent of organizations will prioritize developing a more formal program. Organizations realize they can no longer skate by on some open-source threat intelligence feeds reviewed by part-time threat analysts. Rather, they need staffing and processes to execute a full CTI lifecycle. While CISOs get their internal houses in order, most will rely on service providers, like those mentioned above, to do much of the real work.

As the famous Sun Tzu quote states: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Organizations with mature CTI programs know themselves, know the enemy, and then use this knowledge to optimize cyber-risk mitigation and security defenses.