FINAL WORD
“ORGANISATIONS MUST DESIGN A PLAN KNOWING THEY WILL BE ATTACKED BY CYBERCRIMINALS.”
Companies are investing in, and gaining different levels of results from, both tools and structured processes as they integrate ‘threat hunting’ activities into the core security operations centre. As the focus on professional threat hunters and automated technology increases, a more effective operations model for identifying, mitigating and preventing cyberthreats has emerged: human-machine teaming. In fact, leading threat hunting organisations are using this method in the threat investigation process at more than double the rate of organisations at the minimal level (75% compared to 31%).
“Organisations must design a plan knowing they will be attacked by cybercriminals,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful.

“It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay.”
Key Findings:

Results:
• On average, 71% of the most advanced SOCs closed incident investigations in less than a week, and 37% closed threat investigations in fewer than 24 hours
• Novice hunters determine the cause of only 20% of attacks, compared to 90% for leading hunters
• More advanced SOCs gain as much as 45% more value than minimal SOCs from their use of sandboxing, improving workflows, saving costs and time, and collecting information not available from other solutions
INTELLIGENTCIO
Strategies:
• 68% say better automation and threat hunting procedures are how they will reach leading capabilities
• More mature SOCs are two times more likely to automate parts of the attack investigation process
• Threat hunters in mature SOCs spend 70% more time on the customisation of tools and techniques
Tactics:
• Threat hunters in more mature SOCs spend 50% more time on actual threat hunting
• The sandbox is the number one tool for first- and second-line SOC analysts, while higher-level roles rely first on advanced malware analytics and open source tools. Other standard tools include SIEM, Endpoint Detection and Response, and User Behaviour Analytics; all of these were targets for automation
• More mature SOCs use a sandbox in 50% more investigations than entry-level SOCs, going beyond conviction to investigate and validate threats in files that enter the network
The Threat Hunter Playbook: Human-Machine Teaming

Aside from manual study in the threat investigation process, the threat hunter is key in deploying automation in security infrastructure.

The successful threat hunter selects, curates and often builds the security tools needed to thwart threats, and then turns the knowledge gained through manual investigation into automated scripts and rules by customising the technology. This combination of threat hunting with automated tasks is human-machine teaming, a critical strategy for disrupting the cybercriminals of today and tomorrow.
New innovations to fight back against threats

McAfee has also announced several new innovations that expand its machine learning and automation capabilities to strengthen human-machine teams. The company has also announced support of OpenDXL.com, a new, independent collaboration portal that offers forums, free apps and more, giving OpenDXL users easy access to ideas and resources available for application integrations.
“Today’s security teams are facing 244 new cyber threats every minute, amid a serious talent shortage. Siloed security, without automation, managed by overwhelmed teams is not a sustainable defence strategy,” said Raja Patel, Vice President and General Manager, Corporate Security Products, McAfee.

“Expanded machine learning and integrated analytics are part of McAfee’s vision for a fundamental shift in the way humans and machines work together to secure our digital world. By aligning the strengths of humans and machines, organisations elevate their operational maturity to better defend against the cyber threats we face today . . . and tomorrow.”
Machine Learning and Automation

McAfee technology seeks to improve the way humans and machines work together to protect the digital enterprise, through an intelligent security platform that takes advantage of powerful new technologies such as machine learning and automation. McAfee Advanced Threat Defense (ATD) software now joins the growing portfolio of McAfee products that incorporate machine learning, including McAfee Endpoint Security with Real Protect and McAfee Global Threat Intelligence (GTI).
www.intelligentcio.com