Organizations want to threat hunt, but can’t due to lack of time, skills and visibility
As cybercriminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defenses, organizations must evolve their security defenses to reduce dwell time. Fidelis Cybersecurity asked cybersecurity leaders, security architects and security analysts about the evolution of their cyber defense strategies, including post-breach detection and response, as well as threat hunting.
Fidelis interviewed over 580 security professionals from around the globe to understand how they are shifting their security strategies. In the Fidelis 2018 State of Threat Detection Report, 63 percent of all respondents said they do not currently employ threat hunting or do not know if they do, with just over half (51 percent) of organizations with over 5000 employees stating that they threat hunt.
The report also addressed broader detection and response capabilities and found some unsettling indicators that suggest that post-breach detection strategies are not robust enough to deal with the tactics, techniques and procedures being used by today’s threat actors.
Overall, just 21 percent of respondents perceived their detection measures to be highly effective. Healthcare and federal public sector organizations have the lowest confidence levels with just 5 percent and 6 percent of respondents respectively stating that they felt their detection capabilities were highly effective. In addition, 45 percent of respondents stated that they do not have an endpoint detection and response solution currently in place and 38 percent of all participants stated that they do not have a breach detection strategy in place at all.
“In discussions with our enterprise customers from around the globe, a recurring theme is the desire to hunt for threats,” said Nick Lantuh, CEO of Fidelis. “The common challenges they face are the lack of resources and expertise necessary to do it right, which our study has also confirmed. Organizations need the depth of insights into their data, the proper analytical tools, automated detection & response and the expertise to shift their defense strategy from being rocked back on their heels to up on their toes.”
Nearly half of the professionals who participated in the study noted they didn’t have the time to threat hunt, and a third cited lack of skills. But almost all of them – 88 percent – believe threat hunting is a necessity.
With time, skills and resources cited as major barriers to sophisticated detection measures, outsourcing detection and response and threat hunting to a Managed Detection and Response (MDR) Service is an option that should be considered. MDR enables organizations to outsource or augment their teams to ensure accurate threat detection and swift response to minimize dwell time.
Other findings from the report include:
- Organizations don’t have enough faith in their preventive solutions – with just 22 percent stating that they felt ‘highly confident’ in their preventive defenses when faced with a targeted attack.
- Insufficient security resources and the lack of automation for IR and investigations are one of the biggest issues facing security teams today.
- 53 percent of organizations who said they are not threat hunting said that they have no plans to do so.
- 33 percent of respondents feel that ‘not enough resources’ is the biggest security issue that their organization is facing and 30 percent felt that ‘lack of automation for IR and investigations’ is the biggest security issue they face.