ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community.
The study channels its efforts into identifying some of the key opportunities and limitations of existing platforms and solutions, since information exchange formats and tools remain central items on the agenda of the cybersecurity community in general, and particularly of incident responders.
The project came as an acknowledgment of the increasing demand for relevant and ‘context aware’ security data, as information security management is becoming a key component of any modern organisation.
For the purpose of this project, ENISA has engaged leading field experts and has performed a research of existing tools, practices and TIPs academic literature. The report concludes with a series of actionable findings and recommendations, so that current TIPs limitations are addressed and overcome.
Furthermore, the report presents a detailed overview of the users of these platforms, the main functional areas of TIPs as well as the current landscape of the TIPs used globally by different teams (CTI teams, SOCs, CSIRTs/CERTs, ISACs, etc.).
The report concludes with a series of recommendations addressed to users and organisations, TIPs developers and vendors as well as the research community and academia.
The report is complemented by a TIPs maturity model assessment scheme provided as an ANNEX.
As a centre of expertise in the field of cyber security, ENISA will continue to monitor the evolution of threat intelligence platforms and services, as part of the Agency’s commitment to contribute to a more secure and safe cyberspace.
The full report can be consulted here.