
Human-machine teaming a key ingredient for success in security operations centres

01 Aug 17

Cybersecurity is not all about the machines and technology that power it, but also about how human-machine teaming is pushing the boundaries of threat analysis.

McAfee released a report last week that showed how security operations centres (SOCs) have evolved to be on the cutting edge of threat hunting.

The report broke down security teams into four levels of development: minimal, procedural, innovative and leading.

McAfee defines threat hunters as professional members of a security team that examine threats by using clues, hypotheses and experience from researching cybercriminals.

As threat intelligence within an organisation becomes more sophisticated, firms are able to get better leverage from their investment in threat intelligence by emphasising local, private and paid intelligence sources, the company states.

The report also found that advanced SOCs devote 50% more time to threat hunting than their counterparts.

The collaboration between humans and machines, known as human-machine teaming, has also developed from the need for a focus on professional threat hunters and automated technologies.

The report says that 71% of ‘leading’ threat hunting organisations are using human-machine teaming, compared with 31% of SOCs that operate at the minimal level.

71% of advanced SOCs were able to close breach incident investigations in less than a week. 37% said they closed investigations in fewer than 24 hours.

Novice hunters can only find the cause of 20% of attacks, while leading hunters will find the cause of 90%.

“Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful,” comments McAfee’s VP of corporate security products, Raja Patel.

As SOCs combine human and machine power and become more mature, they are more likely to spend time customising tools and techniques and automating parts of the attack investigation process, to use a sandbox 50% more than entry-level SOCs, and to spend 50% more time on actual threat hunting.

McAfee also says that the threat hunters themselves are key to deploying automation in security infrastructure. They must select, curate and often build the security tools and then turn them into automated processes through customisation.

McAfee has furthered its encouragement of human-machine teaming, pledging support to, an independent collaboration portal for

The portal was created to provide access to ideas and resources for application integrations.

The company believes that the combination of threat hunting and automation forms the basis of human-machine teaming, which is a critical strategy for preventing current and future threats.

“It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay,” Patel adds.

McAfee’s study gained responses from more than 700 IT and security professionals whose jobs include threat hunting. Respondents were from Australia, Canada, Germany, Singapore, the UK and US.
