A key finding of a new McAfee report on what makes threat hunters successful is that advanced security operations centres (SOCs) devote 50 percent more time than their counterparts to actual threat hunting.
Looking at security teams through four levels of development (minimal, procedural, innovative and leading), the report, titled Disrupting the Disruptors, Art or Science?, investigates the role of cyber-threat hunting and the evolution of the SOC.
“Threat hunting is becoming a critical role in defeating bad actors,” says the McAfee report, adding, “A threat hunter is a professional member of the security team tasked with examining cyber-threats using clues, hypotheses and experience from years of researching cyber-criminals, and is incredibly valuable to the investigation process.”
According to the report, the survey shows that companies are investing in, and gaining different levels of results from, both tools and structured processes as they integrate “threat hunting” activities into the core security operations centre.
Raj Samani, chief scientist and fellow at McAfee, said in a statement: “As more businesses look to build their threat hunting capabilities, they will need to find the blended approach which works for them. This means finding the right combination of people, process and automation to effectively protect the organisation's data, detect any threats and, when targeted, rapidly correct their systems.”
As the focus on professional threat hunters and automated technology increases, the report notes that a more effective operations model for identifying, mitigating and preventing cyber-threats has emerged: human-machine teaming.
The report found that leading threat hunting organisations are using this method in the threat investigation process at more than double the rate of organisations at the minimal level (75 percent compared to 31 percent).
“Organisations must design a plan knowing they will be attacked by cyber-criminals,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful. It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber-threats at bay.”