Threat Intelligence Sharing Platforms Survey 2023

Empirical study on the use of threat intelligence sharing platforms

The security of IT systems is one of the key success factors of digitization. However, there are not always sufficient resources available to organisations to ensure adequate IT security levels. One option for reducing this problem is more intensive automation of IT security subtasks. Threat Intelligence Sharing Platforms (TISPs) may be a key building block in this respect. These platforms are Internet-based platforms for the cross-organisational exchange of threat and security information. TISPs support the collection of data originating from different sources, their aggregation and joint evaluation as well as the export of analysis data to IT systems of organisations and enable a faster, more targeted and more efficient detection and combating security incidents.

The aim of this survey is to investigate how common the use of threat intelligence sharing platforms (TISPs) is worldwide and how intensively, how precisely and what the purposes are for which these platforms are used in companies, authorities, and universities. After evaluating the survey results, we expect to describe the current status quo of the use of TISPs more accurately. Based on the findings of the survey, recommendations for the use of TISPs will be developed. This should enable IT security managers to use these platforms in a more targeted and efficient manner.

A team of researchers from the Department of Information and Knowledge Management at the Technische Universität Ilmenau and the Department of Computer Science at the University of Innsbruck is responsible for the study.

After evaluating the survey results, we expect to be able to describe the status quo of the use of TISPs in more detail. Among other things, the following research questions will be answered:

  • How common is the use of TISPs worldwide? Which organisations use them and what characterises these organisations?
  • Are there differences in diffusion, not only in industries but also in countries?
  • Are there any globally dominant TISPs?
  • For what reasons do organisations use TISPs and what are the barriers to their use?
  • What criteria are important for the selection of TISPs?
  • Which functions of TISPs do organisations use and which fields of application are supported by the use of TISPs?
  • Are TISPs connected to or integrated with other internal organisational IT security systems or are the platforms operated as stand-alone solutions?
  • Is threat and security information shared internal, external or both using TISPs?

Based on the findings of the study, recommendations for the use of TISPs will be developed. This should enable IT security managers to use these platforms in a more targeted and efficient manner.

The following target groups can benefit from the results of the study:

  • Users of TISPs can benchmark and compare themselves with competitors or similar organisations that also use them based on the study results.
  • Potential users of TISPs can learn why the platforms are used and what the use cases are. Furthermore, they can find out which of the platforms are used, how and for what.
  • Providers and developers of TISPs learn how users use their platforms and whether they are satisfied with them. This may provide starting points for further development.

Contact: