Washington D.C. – February 27, 2018 – Crowd Research Partners today released the 2018 Threat Hunting Report, providing critical insights into the state and practice of cyber threat hunting to proactively combat advanced cybersecurity threats.
Based on a comprehensive survey of cybersecurity professionals in the 400,000-member Information Security Community on LinkedIn, the research report reveals that cyber threats continue to rise dramatically. Deployment of sophisticated threat hunting programs in security operations centers (SOCs) can significantly improve detection rates and accelerate the time to detect, investigate and remediate these threats.
“Following the unprecedented wave of cybersecurity attacks, threat hunting is quickly becoming a new line of defense for security operations centers to proactively combat advanced security threats,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn. “By pairing human intelligence with next-generation threat hunting platforms, SOC teams can identify and resolve threats faster and more reliably.”
Key threat hunting trends revealed in the study include:
- Threat management continues to challenge SOCs – Detection of advanced threats remains the #1 challenge for SOCs (55 percent), followed by lack of security expertise (43 percent). 76 percent of respondents feel that not enough time is spent searching for emerging and advanced threats in their SOC. Lack of budget (45 percent) remains the top barrier to SOCs who have not yet adopted a threat hunting platform.
- Threat hunting is gaining momentum – Organizations are increasingly utilizing threat hunting platforms (40 percent), up 5 percentage points from last year’s survey. Threat hunting is gaining momentum and organizations are making the investment in resources and budget to shift from reacting to attacks to the creation of proactive threat hunting programs and dedicated teams. Six out of 10 organizations in our survey are planning to build out threat hunting programs over the next three years.
- Threat hunting delivers strong benefits – Organizations are becoming more confident in their security team’s ability to quickly uncover advanced attacks, compared to last year. A third of respondents are confident to very confident in their team’s skills, a 7 percentage point increase over last year. Threat hunting tools improve the speed of threat detection and response by a factor of 2.5x compared to teams without dedicated threat hunting platforms. The top benefits organizations derive from threat hunting include improved detection of advanced threats (64 percent), followed by reduced investigation time (63 percent), and saved time not having to manually correlate events (59 percent).
- Threat frequency and severity increases over 100% – A majority of 52 percent say threats have at least doubled in the past year. Based on this trend, the number of advanced and emerging threats will continue to outpace the capabilities and staffing of organizations to handle those threats.
- Most important threat hunting capabilities – The most important threat hunting capability for cybersecurity professionals is threat intelligence (69 percent), followed by User and Entity Behavior Analytics (UEBA) (57 percent), automatic detection (56 percent), and machine learning and automated analytics (55 percent).
Download the complete 2018 Threat Hunting Report here.
About Crowd Research Partners
Crowd Research Partners creates fact-based thought leadership content that delivers market insight and unique benchmarks for today’s professionals to inform and guide their business planning, best practices, and buying decisions. Leverage the wisdom of the crowd with unique, peer-sourced research content that resonates with today’s business professionals. Visit us at http://www.crowdresearchpartners.com.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools