Human-machine teaming a key ingredient for success in security operations centres
FYI, this story is more than a year old
Cybersecurity is not all about the machines and technology that power it, but also how human-machine teaming are pushing the boundaries of threat analysis.
McAfee released a report last week that showed how security operations centres (SOCs) have evolved to be on the cutting edge of threat hunting.
The report broke down security teams into four levels of development: minimal, procedural, innovative and leading.
McAfee defines threat hunters as professional members of a security team that examine threats by using clues, hypotheses and experience from researching cybercriminals.
As threat intelligence within an organisation becomes more sophisticated, firms are able to get better leverage from their investment in threat intelligence by emphasising local, private and paid intelligence sources, the company states.
The report also found that advanced SOCs devote 50% more time on threat hunting than their counterparts.
The collaboration between humans and machines, known as human-machine teaming, has also developed from the need for a focus on professional threat hunters and automated technologies.
The report says that 71% of ‘leading’ threat hunting organisations are using human-machine teaming, compared to those SOCs that operate at the minimal level (31%).
71% of advanced SOCs were able to close breach incident investigations in less than a week. 37% said they closed investigations in fewer than 24 hours.
Novice hunters can only find the cause of 20% of attacks, while leading hunters will find the cause of 90%.
“Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful,” comments McAfee’s VP of corporate security products, Raja Patel.
As SOCs combine human and machine power and become more mature, they are more likely to spend time customising tools and techniques, automating parts of the attack investigation process, use a sandbox 50% more than entry-level SOCs and spend 50% more time on actual threat hunting.
McAfee also says that the threat hunters themselves are key to deploying automation in security infrastructure. They must select, curate and often build the security tools and then turn them into automated processes through customisation.
McAfee has furthered its encouragement of human-machine teaming, pledging support to OpenDXL.com, an independent collaboration portal for OpenDXL.com.
The portal was created to provide access to ideas and resources for application integrations.
The company believes that the combination of threat hunting and automation forms the basis of human-machine teaming, which is a critical strategy to preventing current and future threats.
“It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay,” Patel adds.
McAfee’s study gained responses from more than 700 IT and security professionals whose jobs include threat hunting. Respondents were from Australia, Canada, Germany, Singapore, the UK and US.