Access your Pro+ Content below.
Report: Threat hunting is more SOC than intel
This article is part of the Information Security issue of June 2017, Vol. 19, No. 5
Threat hunting is found mainly at larger enterprises in a handful of industries. A 2017 threat hunting survey of 306 IT and security professionals by the SANS Institute indicated that, at many organizations, the process is new and poorly defined. Hunting programs are more likely in financial services, high tech, military or government institutions and telecommunications sectors, as well as companies that "have been heavily targeted in the past," according to SANS Institute researchers. The survey found that many organizations did not have security programs that were mature enough to support threat hunting capabilities. Less than half of respondents, 45%, said their process is largely ad hoc and dependent on what they need; 27% indicated they have defined their own hunting methodology; and 16% do not do any threat hunting. According to SANS, many organizations need more mature threat intelligence capabilities in their security operations centers (SOCs) before they can benefit from hunting practices. Trained threat hunters ...
Features in this issue
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.
Basic cybersecurity measures like limiting password reuse and implementing multifactor authentication could be big benefits, according to the Verizon DBIR 2017.
Columns in this issue
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.