Story image

Human-machine teaming a key ingredient for success in security operations centres

01 Aug 2017

Cybersecurity is not all about the machines and technology that power it, but also how human-machine teaming are pushing the boundaries of threat analysis.

McAfee released a report last week that showed how security operations centres (SOCs) have evolved to be on the cutting edge of threat hunting.

The report broke down security teams into four levels of development: minimal, procedural, innovative and leading.

McAfee defines threat hunters as professional members of a security team that examine threats by using clues, hypotheses and experience from researching cybercriminals.

As threat intelligence within an organisation becomes more sophisticated, firms are able to get better leverage from their investment in threat intelligence by emphasising local, private and paid intelligence sources, the company states.

The report also found that advanced SOCs devote 50% more time on threat hunting than their counterparts.

The collaboration between humans and machines, known as human-machine teaming, has also developed from the need for a focus on professional threat hunters and automated technologies.

The report says that 71% of ‘leading’ threat hunting organisations are using human-machine teaming, compared to those SOCs that operate at the minimal level (31%).

71% of advanced SOCs were able to close breach incident investigations in less than a week. 37% said they closed investigations in fewer than 24 hours.

Novice hunters can only find the cause of 20% of attacks, while leading hunters will find the cause of 90%.

“Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful,” comments McAfee’s VP of corporate security products, Raja Patel.

As SOCs combine human and machine power and become more mature, they are more likely to spend time customising tools and techniques, automating parts of the attack investigation process, use a sandbox 50% more than entry-level SOCs and spend 50% more time on actual threat hunting.

McAfee also says that the threat hunters themselves are key to deploying automation in security infrastructure. They must select, curate and often build the security tools and then turn them into automated processes through customisation.

McAfee has furthered its encouragement of human-machine teaming, pledging support to, an independent collaboration portal for

The portal was created to provide access to ideas and resources for application integrations.                      

The company believes that the combination of threat hunting and automation forms the basis of human-machine teaming, which is a critical strategy to preventing current and future threats.

“It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay,” Patel adds.

McAfee’s study gained responses from more than 700 IT and security professionals whose jobs include threat hunting. Respondents were from Australia, Canada, Germany, Singapore, the UK and US.

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
emt Distribution adds risk intelligence vendor
Flashpoint has signed emt Distribution to provide channel partners in Oceania and South East Asia a solution for illicit threat actor communities.
CrowdStrike: Improving network security with cloud computing solutions
Australian spending on public cloud services is expected to reach $6.5 billion this year according to Gartner
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.