ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community.
The study channels its efforts into identifying some of the key opportunities and limitations of existing platforms and solutions, since information exchange formats and tools remain central items on the agenda of the cybersecurity community in general, and particularly of incident responders.
The project came as an acknowledgment of the increasing demand for relevant and ‘context aware’ security data, as information security management is becoming a key component of any modern organisation.
For this project, ENISA engaged leading field experts and reviewed existing tools, practices and the academic literature on TIPs. The report concludes with a series of actionable findings and recommendations, so that the limitations of current TIPs can be addressed and overcome.
Furthermore, the report presents a detailed overview of the users of these platforms, the main functional areas of TIPs as well as the current landscape of the TIPs used globally by different teams (CTI teams, SOCs, CSIRTs/CERTs, ISACs, etc.).
Exploring the opportunities and limitations of current Threat Intelligence Platforms
The main objective of this report is to understand the limitations of threat information sharing and the analysis tools that are currently in use. The second objective is to provide relevant recommendations so that these limitations can be addressed and overcome.