Hunters: a rare but essential breed of enterprise cyber defenders
March 29, 2016 | Warwick Ashford
The demand for hunter-supported security operations centres is mainly from big government agencies and suppliers of critical infrastructure, says David Amsler, president and CIO at Raytheon Foreground Security.
The hunting concept, he says, was born out of frustration at the reactive, inefficient nature of standard security operations centres.
Before switching to a primarily hunting approach, 90% of Foreground analysts’ time was spent chasing security systems alerts, with only 18% of that time yielding positive results.
“This meant analysts could spend only 10% of their time independently looking for anomalies and other indicators of compromise,” explains Amsler.