What was the background of the market research project?
Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern Security Operations Center (SOC.) The threat hunting landscape is a relatively new frontier for businesses and SOCs. In December 2016 and January 2017, the 300,000+ member Information Security Community on LinkedIn was utilized to gain more insight into the topic of Threat Hunting. A 7 to 10-minute survey was made available which included over 40 questions on the subject including trends, challenges, and other key criteria. Drive Research served as a manager of the market research including survey design, fieldwork, and reporting.
The study was featured on sites such as TechTarget, Dark Reading, and Security Intelligence.
What was the approach used for the market research?
To address the objectives of the market research study Drive Research worked with Sqrrl and several other cyber security and threat hunting sponsors of the market research report. A draft survey document was created which listed all of the questions and main goals of each question.
The survey contained approximately 40 questions and was programmed into our online survey software. The survey was tested by several of the sponsors and companies. A generic survey link was posted to the LinkedIn Information Security Group several times to encourage participation.
When the 330 respondents were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many responses included “unknown” and “advanced” when describing threats, indicating the respondents understand the challenges and fear those emerging threats.
What were the results of the market research?
Report findings were drafted by Drive Research and passed to the LinkedIn community manager as well as Crowd Research Partners. A final copy of the Threat Hunting Report can be viewed here. Here are a few of the major themes from the cyber security market research survey.
- Threat hunting should be or will be a top security initiative in 2017 for organizations. Detection of advanced threats and the inability of organizations to find expert security staff to assist with threat mitigation are the top 2 challenges being faced by SOCs. About 4 in 5 respondents stated their SOC does not spend enough time on searching for emerging and advanced threats. Action to address threats has not caught up with building concern.
- Confidence in the industry to uncover advanced threats is low. This is driven by a lack of adoption of threat hunting platforms and a general sense the industry is behind the times in terms of capabilities and technologies to address threats. About 6% of industry respondents stated their SOC is cutting-edge in relation to handling emerging threats. Nearly two-thirds of SOCs stated they were behind the curve with limited capabilities.
- This lack of capabilities to handle advanced threats causes major concern in the industry because respondents stated frequency of security threats facing their organization are increasing significantly. Over 80% of respondents stated threats have increased at the rate of 2x or greater in the past year at their organization. Based on current market conditions the number of advanced and emerging threats will continue to outpace the capabilities and staffing equipped to handle those threats.
- Those who work with a threat hunting platform feel more appreciated, recognized, and valued by their organization. Virtually all respondents (94%) want to work for an SOC with lean-forward proactive security capabilities such as threat hunting. Among those who do not have a threat hunting platform at their SOC, 3 in 10 will leave their company in the next 18 months if one is not purchased. This 30% turnover rate should be a major concern for organizations and SOCs and it confirms the value respondents place on threat hunting capabilities to help them do their job effectively.
- Main benefits of threat hunting platforms include improving detection of advanced threats, creating news ways of finding threats, and reducing investigation time. The average time spent to detect a threat improved by 61% and the average time to investigate a threat improved by 42% with a threat hunting platform. Nearly half (46%) of respondents stated an investment in a threat hunting platform would pay for itself within a year given its ability to detect unknown, emerging and advanced threats to prevent the financial impact of a breach.
Drive Research is a cyber security and information technology industry survey company located in Syracuse, NY. Our company works as both branded sponsors of our market research studies as a white label for other market research companies.
Contact us at [email protected] or call us at 315-303-2040.