New McAfee Report Reveals Secrets of Successful Threat Hunters  

7 years ago

McAfee released Disrupting the Disruptors, Art or Science?, a new report investigating the role of cyberthreat hunting and the evolution of the security operations center (SOC). Looking at security teams through four levels of development (minimal, procedural, innovative and leading), the report finds that advanced SOCs devote 50% more time than their counterparts to actual threat hunting.

Per the survey, companies are investing in, and gaining different levels of results from, both tools and structured processes as they integrate “threat hunting” activities into the core security operations center. The key findings are: on average, seventy-one percent of the most advanced SOCs closed incident investigations in less than a week and 37% closed threat investigations in less than 24 hours; novice hunters only determine the cause of 20 percent of attacks, compared to leading hunters’ verifying 90%; more advanced SOCs gain as much as 45% more value than minimal SOCs from their use of sandboxing, improving workflows, saving costs and time, and collecting information not available from other solutions.

“Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful. It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay,” said Raja Patel, VP and GM, Corporate Security Products, McAfee.