Benchmark your
Cyber Threat Intelligence:
2024 SANS CTI Survey

The SANS Institute, presents the 2024 CTI Survey—a critical resource for CTI and SOC teams, as well as security leadership. 


With insights from 811 industry professionals and expert commentary from SANS authors, this comprehensive survey provides the actionable insights your organization needs to 

  • benchmark against industry standards,
  • identify gaps in your current processes,
  • and make informed decisions to enhance your SOC maturity journey.

What you can explore
through the report

Industry Insights:

See how other CTI professionals operate, the tools they use, and the strategies they implement, you can benchmark your own organization’s CTI practices against industry standards.

Best Practices:

Gaining insights into widely adopted best practices and successful strategies can help refine your own approaches to threat intelligence and improve your overall cybersecurity posture.

Integrating AI
in Cyber Threat Intelligence

Examine how and where organizations are integrating AI into their CTI processes, including the phases of CTI where AI is used or planned to be used, and the perceived effectiveness and value of AI in these processes.

Adversary use of Artificial Intelligence (AI) is the most useful CTI topic in the upcoming 12 months

Play Video

Threat hunting is the primary use case for threat intelligence.

Increasing demand for
in-depth malware information

Demand for detailed intelligence is on the rise, with Threat Hunting being the top use case for CTI, closely followed by Incident Response. The insights on malware families and attack trends are among the most valuable for the upcoming year.

In-house or external? 
Managing the CTI function

Learn whether CTI functions and activities are typically handled in-house, by service providers, or through a combination of both, and the implications of each approach.

Play Video

Facilitate a combination of in-house threat intelligence and TI service providers.

Dark web has increased from 27% to 48% as a source for CTI, indicating the rise of ransomware and infostealers

The scope of
content collection

Explore the types of information that are considered part of CTI collection plans, offering a detailed look at the data and intelligence prioritized by leading organizations.

Why check the full report?


Identify the gaps

Helps identify gaps in your current CTI processes.


Get a clear picture of the industry

Insights on industry norms and innovative approaches


Make informed decisions

on adopting new tools and methodologies.

Download the full report

Further resources
on Cyber Threat Intelligence

How to build a tailored threat intelligence

Threat Hunting in the post macro world

Detecting the adversary use of AI