From Hunted to Hunter
Raytheon survey reveals much cyber defense comes after an attack
All over the world, businesses have crafted detailed plans for dealing with a cyber attack.
What many have not done is plan to become the hunter rather than the hunted, and prevent attacks before they begin.
“There used to be this old concept of defend, detect and respond,” said Dave Amsler, president and founder of Raytheon Foreground Security. “Now it’s detect, isolate and eradicate. You have to proactively hunt for the skilled attacker in your network.”
In numerous organizations, IT leaders duck instead of covering their digital assets ahead of any attack, according to a worldwide survey titled “Don’t Wait: The Evolution of Proactive Threat Hunting.” The survey, commissioned by Raytheon and conducted by the Ponemon Institute, questioned 1,784 information security leaders in 19 countries across North America, Europe, the Middle East and the Asia Pacific region.
In the survey, security leaders were asked for their perspectives on how managed security services, or MSS, fit into their business strategies.
Organizations that use MSS see improvements in the company’s cybersecurity posture, with 80 percent saying a provider is important to overall IT security. Fifty-nine percent agree that responsibility for the vendor relationship is shifting from the IT department to the line of business, indicating MSS is now an element of competitive advantage strategies.
Two-thirds of the polled organizations that don’t use an MSS say only a significant data loss would change their minds. But after they’ve been hit, it can be too late.
There is a cyber talent gap pushing more organizations to outsource security services. According to the survey, the top two factors keeping organizations’ cybersecurity posture from being fully effective are insufficient personnel and lack of in-house expertise. Amsler said his Foreground University offers 93 courses to his staff and customers to develop the elite skill set required for proactive threat hunting.
In recent years, more organizations are seeking an increased proactive security posture, but 84 percent of MSS users say their vendor does not offer hunting services. That leaves organizations to rely on security tools and MSS partners that offer inadequate protection, said Mark Orlando, director of cyber operations with Raytheon Foreground Security.
It's the human element that often creates vulnerabilities exploited by hackers. Among current MSS users, 54 percent say they have found software vulnerabilities that were more than three months old.
“If I am proactively hunting and have the right visibility, those compromises can be identified in days instead of weeks and months,” Orlando said.
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-9VDZ .