Enterprise organizations will increase spending, investing in areas like threat intelligence distribution, digital risk management, and security technology integration.

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies.

Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise organizations bolster CTI program investment. Sixty-three percent of enterprises plan to increase CTI program spending “significantly” over the next 12 to 18 months, while another 34% plan to increase CTI program spending “somewhat.”

Why all this spending? Because CTI can deliver technology and business benefits. The research reveals some of the biggest influences on CTI programs include the need to learn about threats to companies earmarked for M&A, the threat of individual hackers or cyber-adversary groups planning targeted attacks, and the need to learn about adversary tactics, techniques, and procedures (TTPs) so organizations can reinforce their security defenses.

Why CISOs will spend more on threat intelligence

CISOs clearly believe that further investments in threat intelligence programs can mitigate cyber-risks while improving threat prevention and detection. Over the next 12 to 24 months:

Thirty percent of organizations will prioritize sharing threat intelligence reports more readily with internal groups. This is a step in the right direction as threat intelligence has value beyond the security operations center (SOC) for alert enrichment.
CISOs can use CTI to prioritize investments and validate security controls, while business managers can balance digital transformation initiatives with more thorough risk management decisions. CTI dissemination and consumer feedback are key phases of a mature threat intelligence lifecycle.

Twenty-seven percent of organizations will prioritize investing in digital risk protection (DRP) services. As organizations expand their digital footprints, they need a better understanding of the accompanying risks. DRP services provide this visibility by monitoring things like online data leakage, brand reputation, attack surface vulnerabilities, and deep/dark web chatter around attack planning.

Twenty-seven percent of organizations will prioritize integration with other security technologies. Beyond endpoints, email, and network perimeters, CISOs want CTI integration with cloud security tools, security information and event management (SIEM) and extended detection and response (XDR) solutions, and security service edge (SSE) tools like secure web gateways and cloud access security brokers (CASBs). More integration equates to blocking more indicators of compromise (IoCs) and developing a more comprehensive threat-informed defense.

Twenty-seven percent of organizations will prioritize acquiring a threat intelligence platform (TIP) for threat intelligence collection, processing, analysis, and sharing. Once the exclusive domain of the largest enterprises, TIPs are slowly moving down market. I anticipate a lot of this spending will end up with service providers like Flashpoint, Mandiant, Rapid7 (Intsights), Recorded Future, Reliaquest (Digital Shadows), SOCRadar, and ZeroFox. The big brands like Cisco, CrowdStrike, IBM, Microsoft, and Palo Alto Networks will also get a fair slice of the pie.

Twenty-six percent of organizations will prioritize developing a more formal program.
Organizations realize they can no longer skate by on some open-source threat intelligence feeds reviewed by part-time threat analysts. Rather, they need staffing and processes to execute a full CTI lifecycle. While CISOs get their internal houses in order, most will rely on service providers, like those mentioned above, to do much of the real work.

As the famous Sun Tzu quote states: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Organizations with mature CTI programs know themselves, know the enemy, and then use this knowledge to optimize cyber-risk mitigation and security defenses.