Story image

Human-machine teaming a key ingredient for success in security operations centres

01 Aug 17

Cybersecurity is not all about the machines and technology that power it, but also how human-machine teaming are pushing the boundaries of threat analysis.

McAfee released a report last week that showed how security operations centres (SOCs) have evolved to be on the cutting edge of threat hunting.

The report broke down security teams into four levels of development: minimal, procedural, innovative and leading.

McAfee defines threat hunters as professional members of a security team that examine threats by using clues, hypotheses and experience from researching cybercriminals.

As threat intelligence within an organisation becomes more sophisticated, firms are able to get better leverage from their investment in threat intelligence by emphasising local, private and paid intelligence sources, the company states.

The report also found that advanced SOCs devote 50% more time on threat hunting than their counterparts.

The collaboration between humans and machines, known as human-machine teaming, has also developed from the need for a focus on professional threat hunters and automated technologies.

The report says that 71% of ‘leading’ threat hunting organisations are using human-machine teaming, compared to those SOCs that operate at the minimal level (31%).

71% of advanced SOCs were able to close breach incident investigations in less than a week. 37% said they closed investigations in fewer than 24 hours.

Novice hunters can only find the cause of 20% of attacks, while leading hunters will find the cause of 90%.

“Threat hunters are enormously valuable as part of that plan to regain the advantage from those trying to disrupt business, but only when they are efficient can they be successful,” comments McAfee’s VP of corporate security products, Raja Patel.

As SOCs combine human and machine power and become more mature, they are more likely to spend time customising tools and techniques, automating parts of the attack investigation process, use a sandbox 50% more than entry-level SOCs and spend 50% more time on actual threat hunting.

McAfee also says that the threat hunters themselves are key to deploying automation in security infrastructure. They must select, curate and often build the security tools and then turn them into automated processes through customisation.

McAfee has furthered its encouragement of human-machine teaming, pledging support to OpenDXL.com, an independent collaboration portal for OpenDXL.com.

The portal was created to provide access to ideas and resources for application integrations.                      

The company believes that the combination of threat hunting and automation forms the basis of human-machine teaming, which is a critical strategy to preventing current and future threats.

“It takes both the threat hunter and innovative technology to build a strong human-machine teaming strategy that keeps cyber threats at bay,” Patel adds.

McAfee’s study gained responses from more than 700 IT and security professionals whose jobs include threat hunting. Respondents were from Australia, Canada, Germany, Singapore, the UK and US.

Accenture 'largest Oracle Cloud integrator in A/NZ'
Accenture has bought out Oracle Software-as-a-Service provider PrimeQ, which now makes Accenture the largest Oracle Cloud systems integrator in Australia and New Zealand.
Australian businesses get serious about SD-WAN
"SD-WAN is doing to enterprise networks what virtualisation did to enterprise data centres almost a decade ago, but it's happening much faster."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.