Advanced security operations centers improve risk protection

Having an advanced security operations center can have a significant impact on an organization’s ability to complete incident investigations, according to new research from security technology provider McAfee.

On average, 71 percent of the most advanced SOCs closed incident investigations in less than a week, and 37 percent closed investigations in less than 24 hours, according to the McAfee report. The company surveyed more than 700 IT and security professionals this past spring, looking at security teams through four levels of development—minimal, procedural, innovative and leading.

Threat hunting is becoming a critical role in defeating bad actors, McAfee said. A threat hunter is a professional member of the security team who examines cyber threats using clues, hypotheses and experience from years of researching cybercriminals.

The survey showed that companies are investing in both tools and structured processes as they integrate “threat hunting” activities into the core security operations center, and that they are getting varying levels of results from each.


The report found that advanced SOCs devote 50 percent more time than their counterparts on actual threat hunting.

On the other hand, “novice” hunters determine the cause of only 20 percent of attacks, compared with leading hunters, who verify the cause of 90 percent. More advanced SOCs gain as much as 45 percent more value than minimal SOCs from their use of sandboxing.

In other findings, more mature SOCs are twice as likely to automate parts of the attack investigation process, and threat hunters in mature SOCs spend 70 percent more time customizing tools and techniques.
