Threat hunting becomes critical to defeating cyber crime


Security company McAfee is using this week's Black Hat conference to release a new report examining the role of cyber threat hunting and the evolution of the security operations center (SOC).

Among its findings: on average, 71 percent of the most advanced SOCs closed incident investigations in less than a week, and 37 percent closed threat investigations in less than 24 hours.

Novice threat hunters determine the cause of only 20 percent of attacks, compared to leading hunters, who are able to verify 90 percent. Threat hunters in more mature SOCs spend 50 percent more time on actual threat hunting, partly because these teams are twice as likely to automate parts of the attack investigation process.

"Organizations must design a plan knowing they will be attacked by cybercriminals," says Raja Patel, vice president and general manager of corporate security products at McAfee. "Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful. It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay."

The sandbox is the number one tool for first- and second-line SOC analysts. More mature SOCs use a sandbox in 50 percent more investigations than entry-level SOCs, going beyond a simple malicious/benign verdict to investigate and validate threats in files that enter the network. Other standard tools include SIEM, endpoint detection and response (EDR), and user behavior analytics. All of these are targets for automation.

More details are in the full report, which is available from the McAfee website.

Image Credit: underverse /Shutterstock


© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.