McAfee Report Reveals Secrets of Successful Threat Hunters and SOCs
Effectiveness Comes with Complementary Investments in Human-machine Teaming
NEWS HIGHLIGHTS
· Survey outlines state of security operations center and threat investigations
· Seventy-one percent of advanced SOCs use human-machine teaming to close cybersecurity investigations in one week or less
· Successful cybersecurity teams are three times as likely to automate threat investigation. Thus, they devote 50 percent more time to actual threat hunting.
· While analytic tools like sandboxing and SIEM are must-haves, and Endpoint Detection and Response and User Behavior Analytics are rising, effectiveness comes with complementary investments in human-machine teaming that integrates these capabilities with knowledge and processes
· More sophisticated security organizations get far better leverage from their threat intelligence investments by emphasizing local, private and paid intelligence sources
Singapore, July 26, 2017 – McAfee, one of the world’s leading cybersecurity companies, today announced the release of Disrupting the Disruptors, Art or Science?, a new report investigating the role of cyberthreat hunting and the evolution of the security operations center (SOC). Looking at security teams through four levels of development (minimal, procedural, innovative and leading), the report finds that advanced SOCs devote 50 percent more time than their counterparts on actual threat hunting.
The Threat Hunter
Threat hunting is becoming a critical role in defeating bad actors. A threat hunter is a professional member of the security team tasked with examining cyberthreats using clues, hypotheses and experience from years of researching cybercriminals, and is incredibly valuable to the investigation process. Per the survey, companies are investing in and gaining different levels of results from both tools and structured processes as they integrate “threat hunting” activities into the core security operations center.
As the focus on professional threat hunters and automated technology increases, a more effective operations model for identifying, mitigating and preventing cyberthreats has emerged: human-machine teaming. In fact, leading threat hunting organizations are using this method in the threat investigation process at more than double the rate of organizations at the minimal level (75 percent compared to 31 percent).
“Organizations must design a plan knowing they will be attacked by cybercriminals,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful. It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay.”
Key Findings:
Results:
- On average, seventy-one percent of the most advanced SOCs closed incident investigations in less than a week and 37 percent closed threat investigations in less than 24 hours
- Novice hunters only determine the cause of 20 percent of attacks, compared to leading hunters’ verifying 90 percent
- More advanced SOCs gain as much as 45 percent more value than minimal SOCs from their use of sandboxing, improving workflows, saving costs and time, and collecting information not available from other solutions
Strategies:
- Sixty-eight percent say better automation and threat hunting procedures are how they will reach leading capabilities
- More mature SOCs are two times more likely to automate parts of the attack investigation process
- Threat hunters in mature SOCs spend 70 percent more time on the customization of tools and techniques
Tactics:
- Threat hunters in more mature SOCs spend 50 percent more time on actual threat hunting
- Sandbox is the number one tool for first and second line SOC analysts, where higher level roles relied first on advanced malware analytics and open source. Other standard tools include SIEM, Endpoint Detection and Response, and User Behavior Analytics, and all of these were targets for automation.
- More mature SOCs use a sandbox in 50 percent more investigations than entry level SOCs, going beyond conviction to investigate and validate threats in files that enter the network
The Threat Hunter Playbook: Human-Machine Teaming
Aside from manual study in the threat investigation process, the threat hunter is key in deploying automation in security infrastructure. The successful threat hunter selects, curates and often builds the security tools needed to thwart threats, and then turns the knowledge gained through manual investigation into automated scripts and rules by customizing the technology. This combination of threat hunting with automated tasks is human-machine teaming, a critical strategy for disrupting cybercriminals of today and tomorrow.
To find more information on threat hunting, including the report and executive summary, visit https://www.mcafee.com/soc-evolution.
For more information on Human-Machine Teaming, visit the McAfee blog:
· Why Human-Machine Teaming Will Lead to Better Security Outcomes, Steve Grobman, chief technology officer, McAfee
· The Machines Are Coming. And That’s A Good Thing, Raja Patel, vice president and general manager, Corporate Security Products, McAfee
In the Spring of 2017, McAfee worked with a third party to survey over 700 IT and security professionals selected from a third-party database to represent a diverse set of countries, industries, and organization sizes. Participants worked for organizations with more than 1000 employees. Respondents, whose job duties include threat hunting, came from Australia, Canada, Germany, Singapore, the United Kingdom and the United States.
About McAfee
McAfee® is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. www.mcafee.com
– 30 –
McAfee and the McAfee logo are trademarks of McAfee LLC in the United States and other countries.
*Other names and brands may be claimed as the property of others.