Threat management continues to challenge security operation centers (SOCs); new research reveals that detection of advanced threats remains the No. 1 challenge for SOCs (55%), followed by lack of security expertise (43%).
According to Crowd Research Partners’ 2018 Threat Hunting Report, which surveyed cybersecurity professionals in the 400,000-member Information Security Community on LinkedIn, threat frequency and severity is on the rise. A majority (52%) say threats have at least doubled in the past year. Based on this trend, the number of advanced and emerging threats will continue to outpace the capabilities and staffing of organizations to handle those threats.
In fact, three-quarters (76%) of respondents feel that not enough time is spent searching for emerging and advanced threats in their SOC. Lack of budget (45%) remains the top barrier to SOCs that have not yet adopted a threat-hunting platform.
That said, organizations are becoming more confident in their security teams’ ability to quickly uncover advanced attacks, compared to last year. A third of respondents are confident to very confident in their team’s skills, a 7% increase over last year.
As part of this, threat hunting is gaining momentum; organizations are increasingly utilizing threat-hunting platforms (40%), up 5 percentage points from last year’s survey. Six out of ten organizations in the survey are planning to build out threat-hunting programs over the next three years.
“Following the unprecedented wave of cybersecurity attacks, threat hunting is quickly becoming a new line of defense for SOCs to proactively combat advanced security threats,” said Holger Schulze, CEO of Cybersecurity Insiders. “By pairing human intelligence with next-generation threat-hunting platforms, SOC teams can identify and resolve threats faster and more reliably.”
According to respondents’ assessments, threat-hunting tools improve the speed of threat detection and response by a factor of 2.5 compared to teams without dedicated threat-hunting platforms. The top benefits organizations derive from threat hunting include improved detection of advanced threats (64%), followed by reduced investigation time (63%), and saved time not having to manually correlate events (59%).
The most important threat-hunting capabilities for cybersecurity professionals is threat intelligence (69%), followed by user and entity behavior analytics (UEBA) (57%), automatic detection (56%), and machine learning and automated analytics (55%).