Threat hunting refers to manual and machine-assisted methods of proactively and iteratively searching through networks and datasets to find advanced persistent threats (APTs) that evade existing security defenses.
Many organizations realize that threat hunting is the next step in the evolution of the security operations center (SOC) to combat an increasing array of sophisticated threats.
To gain more insight into the state of threat hunting in SOCs, Cybereason supported a comprehensive project conducted by the Information Security Community on LinkedIn. Here are a few key highlights from the report:
Respondents stated that their organizations are facing threats much more frequently. More than 80 percent of respondents said threats have at least doubled in the past year. Based on this trend, the number of advanced and emerging threats will continue to outpace the capabilities and staffing of organizations to handle them.
Four out of five respondents stated their SOC does not spend enough time searching for emerging and advanced threats, and two out of three of respondents reported that their SOCs are falling behind in terms of capabilities to address sophisticated threats.
Only 6 percent of respondents were fully confident in their SOC’s ability to uncover advanced threats.
Nearly four out of five people said that threat hunting should be or will be a top security initiative in 2017. But few employees actually hunt threats. When asked approximately what percentage of employees were involved in threat hunting, the average response was around 14 percent.
The main benefits of threat hunting platforms include improved detection of advanced threats, creating new ways to find threats and reduced investigation time. According to those polled, threat hunting platforms can cut the time spent detecting a threat in half, and they improve the average time to investigate and address a threat by 42 percent.
Fifty percent of respondents said that an investment in a threat hunting platform pays for itself within a year given its ability to detect unknown, emerging and advanced threats.
Cyber-security professionals who work with a threat hunting platform feel more appreciated, recognized and valued by their organization. Virtually all respondents want to work for a SOC with lean-forward proactive security capabilities such as threat hunting.
The 2017 Threat Hunting Report is based on the results of an online survey of over 330 cybersecurity and IT professionals to gain more insight into the state of threat management in SOCs. The respondents range from security analysts and IT managers to CISOs. The respondents represent a cross section of organizations of varying sizes across many industries, ranging from financial services to telecommunications to health care.