Ponemon: Proactive Threat Hunting Rare In Managed Security
Managed security services (MSS) are fairly mainstream in terms of adoption, but research suggests that advanced capabilities are lacking within the solution sets.
A global study from Ponemon Institute commissioned by Raytheon reveals that 80% of respondents reported that MSS are important to their overall IT security strategy. However, MSS providers most often offer cybersecurity assessment (39 percent), integration services (31 percent) and digital forensics and incident response (DFIR) engineering and/or assessment (28 percent). Only 16 percent say their MSS offers proactive threat hunting to find advanced threats based on behaviors and anomalies.
"Cybersecurity is not a waiting game, and organizations without the expertise and tools required to identify and respond to skilled adversaries need to understand that," said Jack Harrington, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services. "The old approach waited for technology to flag known threats. In contrast, skilled hunters…proactively seek emerging threats and stop them before businesses suffer damage."
About half (54%) of MSS users reported that in the last year, their provider found software exploitation more than three months old on their network.
To help organizations defend their networks amid staff shortfalls, budget pressures and higher-risk cyber-environments, some MSS portfolios now offer advanced capabilities such as hunting, incident response and integration services.
"There is only one way to find the most sophisticated, damaging cyber threats attacking a company's network: proactively hunt for them," said David Amsler, president of Raytheon Foreground Security. "Too many organizations today rely on reactive models and automated tools that attempt to detect threats through signature-, rule- or sandbox-driven models. The reactive approach is not enough to stop the determined and sophisticated adversaries which are most often the cause of significant damage or data loss."
Those surveyed said that they rely on MSS because it improves their cybersecurity posture (59%); finding and retaining top in-house talent is a challenge (58%); and they lack in-house technology (57%).