SAN MATEO, Calif. — July 24, 2013 — Norse, a provider of live threat intelligence solutions, today unveiled the Ponemon Institute 2013 Live Threat Intelligence Impact Report. The comprehensive study, which includes a survey of more than 700 respondents from 378 enterprises, defines what “live threat intelligence” is; how global enterprises are using it to defend against compromises, breaches and exploits; and the financial damage that slow, outdated and insufficient threat intelligence is inflicting on them.

Following are the most salient findings that came out of the enterprises represented in the research. According to respondents:

  • They spent an average of $10 million in the past 12 months to resolve the impact of exploits.
  • If they had actionable intelligence about cyberattacks within 60 seconds of a compromise, they could reduce this cost on average by $4 million (40 percent).
  • Those that have been able to stop cyberattacks say they need actionable intelligence 4.6 minutes in advance to stop them from turning into compromises.
  • 60 percent were unable to stop exploits because of outdated or insufficient threat intelligence.
  • Those not successful in detecting attacks believe 12 minutes of advance warning is sufficient to stop them from developing into compromises.
  • 57 percent believe threat intelligence currently available to most companies is often too stale to enable them to grasp and understand the strategies, motivations, tactics and location of attackers.
  • Only 10 percent know with absolute certainty that a material exploit or breach to networks or enterprise systems occurred.

In addition to the aforementioned findings, the report also points out that traditional “real-time” threat intelligence, which delivers delayed-response capabilities at best, is no longer able to provide information at the speed needed to defend against advanced cyberattacks. Readers will learn about a new breed of live threat intelligence available now that observes cyberattacks as they happen, analyzing threat data and delivering actionable intelligence to enterprises within milliseconds rather than hours, days, or weeks as is the case with many of today’s threat intelligence services.

“These findings are startling but not surprising. Enterprises are conditioned to believe that after-the-fact threat intelligence is all that is available, a perception that is leaving them open to compromises and data breaches that are costing them millions,” said Sam Glines, CEO, Norse. “This report makes it clear that enterprises are in need of an advanced level of threat intelligence that shrinks the interval between attack identification and mitigation down to minutes or even seconds if they are to survive the modern-day cyberthreat juggernaut.”

“Ponemon Institute has conducted IT security research for over a decade, and this is one of the first studies that reveals the facts behind the impact that weak threat intelligence is having on organizations,” said Larry Ponemon, founder and chairman of Ponemon Institute. “Anyone who reads this report will come to understand that live threat intelligence must be an integral part of any security strategy.”

Also in the report were a number of other findings about the state of cybersecurity within the participating enterprises:

  • 72 percent believe that in order to defend against an attack, it is important to essential to know the geo-location of attack sources.
  • 69 percent believe that future attacks are most likely to come from China, but 71 percent said they were seeing most of their current attacks originating in the U.S.
  • 57 percent say Advanced Persistent Threats (APTs) are their greatest concern; 54 percent say they are most concerned about root kits; 45 percent say SQL and code injection is their biggest worry.
  • 35 percent rely on IT security teams’ “gut feel” to determine whether or not an attack will occur.
  • 34 percent believe that criminal syndicates pose the biggest threat to their enterprise; 19 percent said state-sponsored attackers were the greatest threat.
  • 9 percent cannot determine whether or not they are compromised.
  • A wide range of technologies is used to gather threat intelligence, ranging from SIEM to IDS to IAM to Big Data analytics and firewalls. On a one-to-10 scale of effectiveness, only 22 percent rate these technologies between a seven and a 10, and 78 percent rate them between a one and a six.

Methodology and demographics

The survey polled 708 IT and IT security professionals from 378 enterprises; respondents ranged in position from executive vice president to staff, with technicians (35 percent) making up the largest segment. Sixty percent of respondents reported directly to the chief information officer. There were 14 industry segments represented; financial services (19 percent) was the largest segment, followed by health and pharmaceutical (12 percent), and public sector (12 percent). Thirty percent of respondents worked in enterprise-sized organizations with a global headcount of 5,000 or more employees.

To view the report, visit: //

To learn more about the report methodology and key findings, visit the Ponemon Institute blog:

About Ponemon Institute

Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Norse

Norse is the leading innovator in the live threat intelligence security market. With the goal of transforming the traditionally reactive IT security industry, Norse offers proactive, intelligence-based security solutions that enable organizations to identify and defend against the advanced cyberthreats of today and tomorrow. Norse’s synchronous, global platform is a patent-pending infrastructure-based technology that continuously collects and analyzes real-time, high-risk Internet traffic to identify the sources of cyberattacks and fraud. Norse is the only provider of live, actionable, cyberthreat intelligence that enables organizations to prevent financial fraud and proactively defend against today’s most advanced cyber threats, including zero-day and advanced persistent threats. Norse has offices in Silicon Valley and St. Louis. Visit us online at


Kim Gengler for HORN