Threat Intelligence Sharing Platforms Survey DACH 2022
Empirical Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland
The security of IT systems is one of the key success factors of digitization. However, often only a few companies and public authorities have sufficient resources to ensure adequate IT security levels at all times. One option for reducing resource problems is more intensive automation of IT security management subtasks. Threat Intelligence Sharing Platforms can be an important building block for this. These are Internet-based platforms for the cross-organizational exchange of threat and security information. Threat Intelligence Sharing Platforms support the collection of data from various sources, their aggregation and cooperative evaluation, as well as the export of analysis data to IT systems of companies, authorities and universities. Various manufacturers offer solutions for this purpose, sometimes with considerable differences in functionality.
The aim of the study is to investigate how intensively Threat Intelligence Sharing Platforms are used in Germany, Austria and Switzerland and how exactly they are used in companies, public authorities and universities. For this purposea team of researchers from the Technical University of Ilmenau and the University of Innsbruck, in collaboration with the Federal Information Technology Center (ITZBund), will conduct an online survey in the third quarter of 2022. In particular, CISOs, CIOs and/or other persons responsible for information security are to be surveyed.
After evaluating the survey results, we expect to be able to describe the status quo of the use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland in more detail. Among other things, the following research questions will be answered:
- Which companies, authorities and universities use Threat Intelligence Sharing Platforms? What characterizes these organizations?
- Which data/information do the organizations obtain from Threat Intelligence Sharing Platforms and which functions of these platforms do they use and how?
- What security processes are supported by the organizations' use of Threat Intelligence Sharing Platforms?
- What added value do the organizations through Threat Intelligence Sharing Platforms and to what extent have the expectations and objectives associated with their use been fulfilled?
Based on the findings of the study, recommendations for the use of threat intelligence sharing platforms will be developed. This should enable IT security managers to use these platforms in a more targeted and efficient manner.
The following target groups can benefit from the results of the study:
- Users of Threat Intelligence Sharing Platforms are able to benchmark with the results and compare themselves with competitors or similar organizations that also use them. They get a detailed impression of how other organizations are using Threat Intelligence Sharing Platforms and can thus identify potential for improvement.
- Potential users of Threat Intelligence Sharing Platforms can learn why they are used and what the use cases are. Furthermore, they can learn which of the platforms are used, how and for what purpose.
- Providers of Threat Intelligence Sharing Platforms can learn how users use their platform and whether they are satisfied with the platforms. From this, starting points for further development can be gained, if necessary.
Contact:
