Introduction to Survey

SANS has been tracking the evolution of cyber threat intelligence (CTI) as a mechanism for prevention, detection and response through numerous summits and surveys, and we have seen a gradual maturation of the field and its applications in information security. As the use of CTI continues to grow, the results of previous surveys make it evident that there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs.

The intent of this survey is to gain insight into how cybersecurity operations consume CTI, the usefulness of intelligence and best practices for utilizing intelligence across respondents’ organizations. Results will be released during two webcasts—a results webcast on February 11, 2020 and a panel discussion on February 13, 2020—with SANS instructor Robert M. Lee.

For the purposes of this survey, SANS defines CTI as “the analysis to satisfy an intelligence requirement that relates to an adversary’s intent, opportunity and ability to do harm.”

At the end of the survey, you can enter our drawing for a $400 Amazon gift card by providing your contact information. On rare occasions, our SANS analyst may contact you during the paper development, especially if you leave an interesting comment! Regardless, contact information will not be shared with the survey sponsors. For more information, please read the SANS privacy policy at

Question Title

* 1. By responding to this question, you accept the terms of the privacy policy. This survey should be taken by professionals working with, generating or consuming cyber threat intelligence (CTI). Are you such a professional?