Download the complete 2018 Threat Hunting Report here.
Crowd Research Partners released the 2018 Threat Hunting Report, providing critical insights into the state and practice of cyber threat hunting to proactively combat advanced cybersecurity threats.
Based on a comprehensive survey of cybersecurity professionals in the 400,000-member Information Security Community on LinkedIn, the 2018 Threat Hunting Report reveals that cyber threats continue to rise dramatically. Deployment of sophisticated threat hunting programs in security operations centers (SOCs) can significantly improve detection rates and accelerate the time to detect, investigate and remediate these threats.
Key threat hunting trends revealed in the study include:
- Threat management continues to challenge SOCs – Detection of advanced threats remains the #1 challenge for SOCs (55 percent), followed by lack of security expertise (43 percent). 76 percent of respondents feel that not enough time is spent searching for emerging and advanced threats in their SOC. Lack of budget (45 percent) remains the top barrier for SOCs that have not yet adopted a threat hunting platform.
- Threat hunting is gaining momentum – Organizations are increasingly utilizing threat hunting platforms (40 percent), up 5 percentage points from last year’s survey. Threat hunting is gaining momentum and organizations are making the investment in resources and budget to shift from reacting to attacks to the creation of proactive threat hunting programs and dedicated teams. Six out of 10 organizations in our survey are planning to build out threat hunting programs over the next three years.
- Threat hunting delivers strong benefits – Organizations are becoming more confident in their security team’s ability to quickly uncover advanced attacks, compared to last year. A third of respondents are confident to very confident in their team’s skills, a 7 percentage point increase over last year. Threat hunting tools improve the speed of threat detection and response by a factor of 2.5 compared to teams without dedicated threat hunting platforms. The top benefits organizations derive from threat hunting include improved detection of advanced threats (64 percent), followed by reduced investigation time (63 percent), and time saved by not having to manually correlate events (59 percent).
- Threat frequency and severity increase over 100% – A majority of 52 percent say threats have at least doubled in the past year. Based on this trend, the number of advanced and emerging threats will continue to outpace the capabilities and staffing of organizations to handle those threats.
- Most important threat hunting capabilities – The most important threat hunting capability for cybersecurity professionals is threat intelligence (69 percent), followed by User and Entity Behavior Analytics (UEBA) (57 percent), automatic detection (56 percent), and machine learning and automated analytics (55 percent).
“Following the unprecedented wave of cybersecurity attacks, threat hunting is quickly becoming a new line of defense for security operations centers to proactively combat advanced security threats,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn. “By pairing human intelligence with next-generation threat hunting platforms, SOC teams can identify and resolve threats faster and more reliably.”
The 2018 Threat Hunting Report is produced in partnership with leading cybersecurity vendors Alert Logic, DomainTools, IBM Security, Infocyte, Raytheon, Sqrrl, and STEALTHbits Technologies.