Organizations are reallocating resources and budget to build proactive threat hunting teams, a new study of cybersecurity and IT professionals said.
Some 60 percent of 460 outfits surveyed in Alert Logic’s 2018 Threat Hunting Report said they will upgrade their existing security framework in the next three years to enable them to hunt down advanced persistent threats earlier. That’s a five percent uptick from last year’s study, the Top 100 MSSP list member said.
This is overall good news for MSSPs, Alert Logic asserted. Threat hunting is a new security discipline for most organizations and many are struggling to cope with their existing security threat workload, the MSSP said. While 84 percent of companies in the study said that threat hunting should be a top security initiative, 76 percent believe their Security Operations Center (SOC) spends inadequate time proactively searching for newly emerging and advanced cyber threats.
Threat Hunting and MSSPs: Growing Customer Needs
As it stands right now, only 33 percent of organizations turn to MSSPs to hunt down threats, with about 56 percent of organizations relying solely on in-house SOC staff, typically composed of five people or fewer dedicated to detecting and isolating advanced persistent threats not easily uncovered by traditional defenses.
Here are the study’s top-level findings:
- Momentum: Organizations are increasingly utilizing threat hunting platforms (40 percent), up 5 percentage points from last year’s survey.
- Confidence: One-third of respondents are confident to very confident in their threat hunting skills, a seven percentage point increase over last year.
- Benefits: The top benefits organizations derive from threat hunting include improved detection of advanced threats (64 percent), followed by reduced investigation time (63 percent), and saved time not having to manually correlate events (59 percent).
- Challenges: Detection of advanced threats remains the top challenge for SOCs (55 percent), followed by lack of security expertise (43 percent). Lack of budget (45 percent) remains the top barrier to SOCs that have not yet adopted a threat hunting platform.
- Capabilities: The most important threat hunting capabilities for cybersecurity professionals are threat intelligence (69 percent), followed by user and entity behavior analytics (UEBA) (57 percent), automatic detection (56 percent), and machine learning and automated analytics (55 percent).
- Frequency: 52 percent say the number of threats has at least doubled in the past year.
“Threat hunting reduces risk to an organization by reducing exposure to external threats, improving the speed and accuracy of threat response and reducing the overall number of breaches,” said Bob Lyons, Alert Logic’s CEO. “Threat hunting requires a sophisticated skill set and it’s often hard to find and retain in-house specialists to fulfill this function, especially when there isn’t always an obvious career path for them within organizations,” he said.