What Is Threat Management? Common Challenges and Best Practices


Threat management, or cyberthreat management, is a framework often used by cybersecurity professionals to manage the lifecycle of a threat in an effort to identify and respond to it with speed and accuracy. The foundation of threat management is a seamless integration between people, process and technology to stay ahead of threats.

Why Is Threat Management Important?

According to IBM’s 2019 Cost of a Data Breach Report, organizations can save on average $1.2 million when breaches are detected sooner. With the constant increase in the number of threats and the complexity of the attacks, organizations are struggling to keep up. Threat management is important to organizations now more than ever as it increases the collaboration between people, process and technology, giving organizations the best chance to detect threats sooner and respond more quickly.

Organizations that successfully adopt and implement the threat management framework often benefit from:

  • Lower risk with faster threat detection, consistent investigations and faster response
  • Continuous improvement through built-in process measurement and reporting
  • Increased security team skills, effectiveness and morale

3 Common Threat Management Challenges

Why is it so hard to protect against advanced persistent threats and insider threats? According to security leaders across the industry, three common challenges always come up:

1. Lack of Visibility

Security teams do not have complete visibility of their entire threat landscape with relevant context, including internal (HR, users, databases, cloud) and external data (social media, OSINT, threat intel, dark web, etc.) sources. This is often caused by the silos that exist between security teams, lack of integration between point solutions and undefined or inconsistent processes across the organization. According to IBM estimates, enterprises use as many as 80 different security products from 40 vendors.

2. Lack of Insights and Out-of-the-Box Reporting

Security teams do not have insights into which KPIs they should be tracking and how to get the actual metrics (e.g. ROI, MTTD, MTTR). There is also no easy way to create reports to show progress against maturity standards and compliance due to a lack of integrations between their point solutions. Additionally, if different security teams are measured against different KPIs, it often becomes difficult to align them on a common goal for the organization. According to various analyst research and our partners at IBM, the complexity of the IT environment ranks among the biggest security challenges.

3. Skill Shortage and Staff Burnout

Due to a skill shortage in the market and analyst burnout, security leaders are having a difficult time hiring qualified talent and keeping the current staff motivated. It is also difficult to find additional staff budget, and security leaders have to find creative ways to “borrow” talent from other cross-functional units such as customer support, technical sales, etc. and then train them to be effective in the field.

5 Best Practices for Effective Threat Management

To succeed and grow rapidly, an organization needs to unite defences and response to stop threats faster and more efficiently. Effective threat management is achieved when the following framework is applied:

Insight: Insight into current threat operations with global services that can be tailored locally to meet the unique needs of an organization.

Visibility: Visibility into the threat landscape, inside and out, with services to test cyber resiliency and technology that can integrate security and non-security data sources.

Detection: Detection of the most critical threats to an organization through integrations of AI, threat intelligence and attack models derived from years of experience securing top Fortune 500 companies.

Investigation: Investigation assisted by AI and advanced analytics across structured and unstructured data sources along with multiple degrees of separation correlation capabilities.

Response: Response that delivers automated actions against the most common threats and dynamic business-wide playbooks that offer orchestration across people, processes and technologies.

As organizations continue to struggle with increasingly frequent and complex attacks, it is essential for them to unite people, process and technology to stop threats faster and more efficiently. Threat management provides a great framework to deliver insights into the threat landscape, help organizations detect threats faster, investigate intelligently with AI and advanced analytics and remediate rapidly with orchestration and automation.

Finally, it is essential to recognize that the threat management approach is beneficial to organizations of all sizes — SMBs to enterprises. Depending on the size of your organization, you may decide to implement a self-service platform or a white glove end-to-end threat management service.

To learn more about IBM’s cybersecurity solutions, please visit CDW.ca/IBM