The State of Threat Hunting in the 2017 SOC

While much of the focus on cybersecurity risks has been focused on prevention and detection, many organizations are quickly discovering that threat hunting is the next step in the evolution of their security operations center (SOC).

In 2017, the Information Security Community on LinkedIn conducted an online research project (supported by DLT partner, Sqrrl) to gain more insight into this increased interest in threat hunting. Not surprisingly, when asked what keeps them up at night, many of the 330 respondents pointed to undetected threats slipping through their defenses. The nature of these threats is often considered “advanced” or “unknown” suggesting these emerging threats (80% say threats have doubled in the past year) will continue to outpace the capabilities and staffing needed to handle those threats.

Source: Sqrrl 2017 Threat Hunting Report

Not Enough Time is Spent on Threat Hunting

Even though threat hunting is becoming a top security initiative with three quarters of respondents stating that it is of major importance, four in five respondents said their SOC didn’t spend enough time searching for emerging and advanced threats (hidden, unknown, and emerging). And this weighs heavy on the shoulders of security teams, only 6% of respondents were fully confident in their SOC’s ability to uncover advanced threats while only 26% were confident to very confident.

That’s a problem. With nearly half of all threats going undetected by automated security tools, this doesn’t bode well for organizational readiness. Nearly two-thirds stated they are minimally compliant or even behind the curve in terms of their existing threat hunting capabilities.

The Benefits of Threat Hunting

The main benefits of threat hunting platforms include improved detection of advanced threats, creating new ways of finding threats, and reducing investigation time. Threat hunting platforms can cut in half the time spent to detect a threat, and it improves the average time to investigate and address a threat by 42%. Nearly half of respondents state that an investment in a threat hunting platform pays for itself within a year given its ability to detect unknown, emerging and advanced threats.

Source: Sqrrl 2017 Threat Hunting Report
Source: Sqrrl 2017 Threat Hunting Report

Threat Hunting Pays Off, Despite Budgetary Concerns

According to the survey, a lack of budget remains the top reason why SOCs have not adopted a threat hunting platform, an answer given by 35% of respondents. Yet nearly half of respondents believe that an investment in a threat hunting platform would pay for itself within a year.

Plus, cybersecurity professionals who work with a threat hunting platform feel more appreciated, recognized, and valued by their organization – making it easier for government agencies to attract and retain talent in the face of today’s cybersecurity workforce shortage.

Check out the full survey report for more insights and examples of how threat hunting can benefit your agency, over and above existing security tools.

Farihah Sattar Government Tech Writer