The industry report, co-sponsored by Alert Logic and other cybersecurity providers, benchmarks the maturity and evolution of threat hunting initiatives in Security Operations Centres (SOCs) and identifies impediments to implementing threat hunting capabilities. The report summarises results of a survey of more than 460 cybersecurity and IT professionals and underscores the need for businesses to pivot from purely reactive security to actively hunting threats and adversaries in order to detect security incidents earlier, respond faster, and stop future exploits.
The report found that lack of budget was the top barrier for organisations that have not yet incorporated threat hunting capabilities into their SOCs, as reported by 45 percent of the companies, a 10 percent increase over the previous year. Lack of skilled, in-house threat hunting staff and lack of collaboration across departments were two other top-cited barriers.
“Threat hunting reduces risk to an organisation by reducing exposure to external threats, improving the speed and accuracy of threat response and reducing the overall number of breaches,” said Bob Lyons, CEO, Alert Logic. “Threat hunting requires a sophisticated skill set and it’s often hard to find and retain in-house specialists to fulfil this function, especially when there isn’t always an obvious career path for them within organisations,” said Lyons.
Threat hunting is the process of proactively searching through networks, applications and operating systems to detect and isolate advanced persistent threats that aren’t easily detected by more traditional, reactive security technologies such as firewalls, intrusion detection systems and SIEMs.
In general, SOCs are overwhelmed as a result of new and evolving cyber threats that are increasing in both sophistication and frequency. According to the report, a majority of organisations employ fewer than five security professionals in their SOC who are dedicated to threat hunting. Despite this, the report’s data shows that there is strong momentum for threat hunting, with more than half of companies planning to build threat hunting programs in the next three years.
Alert Logic conducts threat hunting for its customers, achieving high levels of speed and detection accuracy – even for multi-stage persistent attacks, according to Lyons. “Our data scientists, threat researchers and SOC analysts compare potential threat scenarios against an immense data set of event telemetry from our more than 4,000 customers. Alert Logic obtains intelligence on attackers’ motives and means while detecting threats, simultaneously training our proprietary machine learning capabilities.”