Survey reveals gap between threat intelligence & execution


Techday NZ, 22-05-2025

A new survey has highlighted a disconnect between the importance organisations place on threat intelligence and their ability to implement it effectively.
The research, conducted by Cyware, collected responses from 100 cybersecurity executives and professionals working across enterprises, government agencies, and service providers. Nearly all respondents (92%) described operationalising threat intelligence as either "absolutely crucial" or "very important" in their organisations' efforts to combat cyber threats.
Despite this consensus, only 13% of those surveyed reported satisfaction with their automation between cyber threat intelligence (CTI) and security operations (SecOps) tools. The survey also found that nearly 40% of participants experienced difficulty coordinating data between critical security systems such as Threat Intelligence Platforms (TIPs), Security Information and Event Management (SIEM) tools, and vulnerability management platforms.
Speaking on the findings, Anuj Goel, Co-founder and Chief Executive Officer of Cyware, stated: "The RSAC survey data reveals a serious gap between that belief and the operational reality. Threat intelligence isn't just about collecting data - it's about connecting people, processes, and platforms to act on it. These findings reinforce the need for more unified, automated, and collaborative approaches to security operations."
Internal collaboration and automation maturity were flagged as key areas where organisations fall short. Although almost all those surveyed regard threat intelligence sharing as fundamental, only a small proportion felt their automation systems worked well in practice.
Artificial intelligence (AI) is seen as a promising area for improving threat intelligence processes, with 78% of respondents believing AI will enhance threat intel sharing within their organisations. However, only 43% reported that AI has already made a meaningful impact, pointing to difficulties in implementing AI solutions and integrating them into existing security processes.
The Cyware survey also drew attention to the timeliness of threat intelligence sharing. Only 17% of teams said they disseminate threat intelligence among key roles (such as SecOps, incident response, and vulnerability management) in real time, while another 25% do so on a daily basis. At the same time, 22% indicated that information is shared infrequently or not at all, raising questions about internal communication and responsiveness to emerging threats.
External collaboration with industry peers for the purpose of improving threat intelligence is another area identified for additional growth. According to the survey, while 57% of respondents claimed that their organisation collaborates with other companies in their sector, a significant 30% were unsure if this kind of peer cooperation even exists at their workplace.
Automation challenges remain evident, with more than half (56%) of survey participants reporting significant or moderate obstacles in automating workflows across CTI and SecOps teams. This suggests that technical, procedural, or organisational hurdles are hampering efforts to scale effective threat intelligence practices.
Additionally, participation in Information Sharing and Analysis Centres (ISACs) or similar organisations is relatively low. Only 18% confirmed their organisation is involved with such groups, while 45% were unaware of any such participation. The lack of engagement or awareness about ISACs could be limiting access to valuable, sector-specific threat information, potentially reinforcing the existing silos within the threat intelligence community.
The survey's findings align with a broader trend: as cyber threats evolve and become more complex, organisations face mounting pressure to bridge the gap between recognising the importance of threat intelligence and actually executing it through internal collaboration, real-time sharing, automation, and peer engagement.


Related Articles


Exabeam partners with Vectra AI to boost cloud threat defence

Techday NZ, 21-05-2025

Exabeam has announced a partnership with Vectra AI to integrate the Exabeam New-Scale Security Operations Platform with the Vectra AI Platform. The collaboration aims to address the challenges faced by security teams in identifying advanced threats, particularly those that move laterally across cloud environments. Many existing solutions, originally developed for on-premises systems, struggle to detect these attacks, resulting in delayed responses and increased manual workloads for analysts.
The integration combines Exabeam's SIEM, user and entity behaviour analytics (UEBA), and automated workflows with Vectra AI's network detection and response (NDR) capability. According to Exabeam, this unified solution will centralise visibility, accelerate threat detection, and streamline investigation processes across cloud-based environments.
Vectra AI's platform provides visibility into lateral threat movement by monitoring activity both east-west and north-south across a variety of network architectures, including data centres, campus facilities, remote workspaces, cloud, and operational technology (OT) environments. By incorporating Vectra AI's analytics into the Exabeam infrastructure, the two companies aim to give security teams improved detection and response capabilities.
Steve Wilson, Chief AI and Product Officer at Exabeam, said, "Teaming up with Vectra AI, isn't just a partnership, it's a power move. We need to shift the balance in cybersecurity, putting defenders back in control. With their cloud threat intel and our AI-driven platform, we're exposing the threats others miss and flipping the script on what modern threat detection looks like."
The integration is designed to provide a number of practical benefits. Accelerated threat detection is achieved by consolidating security data from various sources and automating processes throughout the security operations centre (SOC) stack. This allows analysts to identify and respond to incidents faster and with greater accuracy.
Enhanced visibility is another feature, with the combined platform able to detect network-based risks throughout cloud infrastructures by leveraging behavioural analytics. This helps security teams spot lateral movement, insider threats, and post-compromise activities that traditional tools might overlook.
Streamlined operations are facilitated by out-of-the-box integration features. These include prebuilt mappings, a preconfigured Vectra AI dashboard tile, and webhook collectors, all of which are intended to speed up deployment and reduce ongoing operational complexity for SOC teams.
Jeff Reed, Chief Product Officer at Vectra AI, said, "Security teams today need visibility to stay ahead of advanced threats, especially as attacks become more complex and move across hybrid and cloud environments. By integrating Vectra AI's advanced NDR with Exabeam's powerful SIEM and automation capabilities, we're empowering teams with a unified, intelligent platform to quickly identify, investigate, and stop threats before they escalate. This partnership is a major step forward in modernising security operations for the AI-driven threat landscape."
The partnership is built on the understanding that today's threat landscape is increasingly shaped by cloud adoption and remote work, where attack vectors are more diverse and attacks often bypass traditional network boundaries. By providing centralised and integrated defence tools, Exabeam and Vectra AI aim to help organisations keep pace with these developments and reduce the burden on security staff.
Analysts using the integrated platform are expected to benefit from simplified incident investigations, less manual effort, and improved overall security outcomes. The new solution is positioned as addressing a market demand for unified threat detection and response that adapts to both legacy systems and modern, cloud-native environments.

Enterprises To Redefine Cyber Resilience With Rackspace And Rubrik

Scoop, 01-05-2025

Press Release – Rubrik
Rackspace Cyber Recovery Cloud powered by Rubrik Enables Organisations to Restore Critical Operations Faster and More Securely than Traditional Offerings in the Event of a Cyber Attack
SAN FRANCISCO, April 30, 2025 — LIVE! from RSAC, Rubrik (NYSE: RBRK), a leading cybersecurity company, and Rackspace Technology® (NASDAQ: RXT), a leading end-to-end hybrid cloud and AI solutions company, today announced a strategic partnership. The two companies will collaborate to deliver a fully managed isolated recovery service, Rackspace Cyber Recovery Cloud powered by Rubrik, to help enterprises achieve true cyber resilience and ensure business continuity in the event of a cyber attack.
By combining Rubrik's data protection and cyber recovery software with Rackspace's hybrid cloud expertise and global data centre footprint, this partnership addresses immediate cyber recovery needs and empowers businesses to reduce their operational risk as a competitive advantage.
Why does this matter?
Organisations today face increasing ransomware threats, with attacks becoming more sophisticated, frequent, and devastating as 92 per cent of victims experience data encryption and 60 per cent suffer data theft. Traditional backup and recovery solutions can take weeks or months to restore business operations.
Designed as an isolated on-demand or dedicated managed solution, the Rackspace Cyber Recovery Cloud powered by Rubrik gives enterprises access to an air-gapped platform to recover mission-critical workloads following a cyber attack. The solution aims to provide enterprises with an orchestrated recovery approach designed to enable restoration in hours instead of days, weeks or months, thereby providing business continuity in a clean, isolated environment.
'The launch of Rackspace Cyber Recovery Cloud powered by Rubrik comes at a critical time as ransomware incidents and compliance risks continue to escalate, while traditional backup and disaster recovery solutions have become insufficient, cost-prohibitive, and technically challenging,' said Amar Maletira, CEO of Rackspace Technology. 'This strategic partnership with Rubrik fills a recognised gap in the market and delivers something truly unique – the ability to recover data as well as rapidly restore operational capability in a clean, isolated environment in hours rather than days or weeks.'
The new offering is designed to meet the operational continuity needs of organisations across non-regulated and highly regulated industries such as banking, financial services, insurance, and healthcare, where seamless operations and data integrity are vital.
'As we chart the course for a more secure digital future, our collaboration with Rackspace Technology represents the paramount next step in our journey,' said Bipul Sinha, CEO, Chairman, and Co-founder of Rubrik. 'Unified as a cohesive force, we aim to provide customers with a robust and streamlined approach to cyber recovery, ensuring the safeguarding of vital data and uninterrupted business continuity.'
Rackspace Cyber Recovery Cloud powered by Rubrik: A Confident Path to Cyber Resilience
Rackspace Cyber Recovery Cloud powered by Rubrik, enables customers to replicate their validated backups, ensuring data remains secure and ready for rapid deployment. In the event of a cyber attack, Rubrik can quickly identify clean, safe backup data. At the same time, Rackspace can restore critical workloads within hours to an isolated recovery environment entirely separate from the customer's production and disaster recovery systems all managed by Rackspace.
'Rackspace Cyber Recovery Cloud delivers a robust, Rubrik-powered solution that ensures swift and secure workload restoration in the face of cyber attacks,' states Steven Dickens, CEO and Principal Analyst, HyperFRAME Research. 'Its on-demand and dedicated options provide cost-effective flexibility for organisations navigating rising ransomware threats and compliance demands.'
Guiding organisations through cyber resiliency planning and implementation.
Cyber Recovery Readiness Assessment: To prepare for a successful deployment of Rackspace Cyber Recovery Cloud powered by Rubrik, it is critical to conduct a complete cyber readiness assessment that identifies critical applications, maps dependencies, and prioritises workloads based on business impact. The result is a clear, actionable roadmap tailored to the organisation's specific recovery goals.
Cyber Recovery Cloud On-Boarding: Following the readiness assessment, this service is designed to ensure seamless configuration and testing of Rackspace Cyber Recovery Cloud powered by Rubrik. This includes engineers configuring the isolated recovery environment, building recovery templates, testing real-world scenarios, and delivering a tailored business continuity plan that aligns with operational needs and the customer's recovery targets.
About Rackspace Technology
Rackspace Technology is a leading end-to-end, hybrid and AI solutions company. We can design, build, and operate our customers' cloud environments across all major technology platforms, irrespective of technology stack or deployment model. We partner with our customers at every stage of their cloud journey, enabling them to modernise applications, build new products, and adopt innovative technologies.
About Rubrik
Rubrik (NYSE: RBRK) is on a mission to secure the world's data. With Zero Trust Data Security™, we help organisations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organisations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked. For more information, please visit and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.
SAFE HARBOR STATEMENT: This press release contains express and implied 'forward-looking statements' within the meaning of the Private Securities Litigation Reform Act of 1995, including statements regarding Identity Resilience and its anticipated benefits for our customers. By their nature, these statements are subject to numerous uncertainties and risks, including factors beyond our control, that could cause actual results, performance or achievement to differ materially and adversely from those anticipated or implied in the statements, including those described under the caption 'Risk Factors' and elsewhere in our most recent filings with the Securities and Exchange Commission, including our annual report on Form 10-K for the fiscal year ended January 31, 2025. Forward-looking statements speak only as of the date the statements are made and are based on information available to us at the time those statements are made and/or management's good faith belief as of that time with respect to future events. We assume no obligation to update forward-looking statements to reflect events or circumstances after the date they were made, except as required by law. Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.
