Hunters Brings More Automation to SOC Platform

Hunters updated its security operations center (SOC) platform to automatically calculate the risk level attached to each threat based on the applications and infrastructure being employed.

In addition, the company now provides unlimited data ingestion, retention and schema mapping, human-readable attack stories that provide more context and a detection engine that automatically builds queries based on the MITRE ATT&CK framework to discover vulnerabilities.

Ofer Gayer, vice president of product for Hunters, said threat risk scores provided by most security platforms are notoriously unreliable because they are a generic ranking of risks that, when initially created, don’t reflect the current state of the IT environment.

The Hunters SOC platform employs a combination of algorithms and artificial intelligence (AI) models to augment the cybersecurity experts that Hunters makes available to its customers, he said. Each threat is evaluated to determine a confidence and severity score to enable organizations to better prioritize their remediation efforts, noted Gayer. The models and algorithms themselves are regularly updated over the course of a year as the threat landscape evolves, he added.

The overall goal is to reduce the manual effort required, said Gayer. For example, the Hunters SOC platform will automatically generate a report that provides a human-readable narrative detailing what occurred during each security incident, he noted.

Hunters is making a case for a more automated SOC platform that replaces legacy security information and event management (SIEM) platforms that are, essentially, only a database for capturing security events and against which security teams can launch queries. Instead, the Hunters SOC platform automates many of the manual tasks that would otherwise be required to investigate a security incident as part of an overall effort to reduce cybersecurity team fatigue. In fact, one of the reasons there are high levels of turnover among cybersecurity teams is all the manual effort required just to determine whether a security incident requires a deeper level of investigation.

Arguably, one of the reasons there are so many breaches is that cybersecurity teams are being asked to combat massive volumes of attacks using tools that were designed for a different era. Today, cybercriminals regularly make use of automated platforms to launch attacks; the cybersecurity teams that are asked to thwart those attacks require similar levels of automation. After all, the average cybersecurity team is a lot smaller than many of the cybercriminal gangs that launch attacks, and yet it’s the cybercriminals that regularly take advantage of higher levels of automation.

Of course, investing in higher levels of automation can be expensive. Organizations need to come to terms with the fact that cybersecurity has now become a significant cost of doing business. Like it or not, cybersecurity has become an automation arms race. Organizations can either outsource responsibility for that task or make the proper levels of investment required. There may never be such a thing as perfect security, but the real issue today is not so much whether there will be a breach as much as how many and to what degree.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.