The Threat Hunting Report is the result of comprehensive research in partnership with the 400,000+ member Information Security Community on LinkedIn to explore the next step in the evolution of the modern Security Operations Center (SOC) to combat an increasing array of sophisticated threats that evade existing security defenses.
Download this unique report to learn about the latest trends and benchmarks on the current state of threat hunting, and learn about key challenges for SOCs, threat hunting adoption, benefits of threat hunting, and best practices.
- Threat management continues to challenge SOCs – Detection of advanced threats remains the #1 challenge for SOCs (55 percent), followed by lack of security expertise (43 percent). 76 percent of respondents feel that not enough time is spent searching for emerging and advanced threats in their SOC. Lack of budget (45 percent) remains the top barrier for SOCs that have not yet adopted a threat hunting platform.
- Threat hunting is gaining momentum – Organizations are increasingly utilizing threat hunting platforms (40 percent), up 5 percentage points from last year’s survey. Threat hunting is gaining momentum and organizations are making the investment in resources and budget to shift from reacting to attacks to the creation of proactive threat hunting programs and dedicated teams. Six out of 10 organizations in our survey are planning to build out threat hunting programs over the next three years.
- Threat hunting delivers strong benefits – Organizations are becoming more confident in their security team’s ability to quickly uncover advanced attacks, compared to last year. A third of respondents are confident to very confident in their team’s skills, a 7 percentage point increase over last year. Threat hunting tools improve the speed of threat detection and response by a factor of 2.5x compared to teams without dedicated threat hunting platforms. The top benefits organizations derive from threat hunting include improved detection of advanced threats (64 percent), followed by reduced investigation time (63 percent), and saved time not having to manually correlate events (59 percent).
- Threat frequency and severity more than doubles – A majority of 52 percent say threats have at least doubled in the past year. Based on this trend, the number of advanced and emerging threats will continue to outpace the capabilities and staffing of organizations to handle those threats.
- Most important threat hunting capabilities – The most important threat hunting capabilities for cybersecurity professionals are threat intelligence (69 percent), followed by User and Entity Behavior Analytics (UEBA) (57 percent), automatic detection (56 percent), and machine learning and automated analytics (55 percent).