Implementing robust security strategies can help mitigate the risk of cyber threats, especially in the early stages of an attack. However, implementing a “robust security strategy” isn’t hard, it is Herculean, and requires significant time, talent, and financial commitments. Therefore, many companies turn their sights to managed security service providers (MSSPs) and managed detection and response (MDRs) – collectively called managed service providers (MSPs) – to roll out security programs, capitalizing on the economies of scale while benefiting from the unique skillsets these organizations possess.
MSSPs and MDRs provide a wide array of security services including security monitoring, investigation, vulnerability scanning, and digital forensics and incident response (DFIR). However, as the customers of these organizations become more security savvy, they are consistently demanding more advanced security services to ensure they are as protected as possible. One of these key advanced security services is threat hunting. And while MSSP and MDR firms can face some unique challenges with threat hunting, their business model means that MSSPs and MDRs have special advantages that can enable more efficient and effective threat hunting.
MSSPs and MDRs Offer Economies of Scale and Pivoting
The first major advantage that MSP firms have in terms of threat hunting is also their major advantage generally: economies of scale. With MSSPs and MDR firms focusing solely on security, they can deliver those services at a cost below what organizations might pay to in-house them. This is also true for threat hunting, but this economy of scale isn’t limited merely to financial benefits. As these specialized security providers often service dozens, hundreds, and even thousands of clients, they can quickly pivot a successful and fruitful hunt in one client to another (and another, and another… you get the idea). This means that threat hunting provided by MSPs can function similarly to a neighborhood watch: you don’t just benefit from your security and services, but from all their clients.
MSPs Offer Faster Reaction Times
Anyone who has
lived worked in a Security Operations Center knows what it is like when the Next Big Thing™ starts scrolling across the news media’s chyron. The calls and emails may start by trickling in, but that trickle quickly turns into a deluge of people asking: “are we protected?” and “have we been compromised?”, and suddenly it seems like mass panic has set in. However, managed service providers often have teams that actively monitor industry news to identify new malware, vulnerabilities, exploits, and TTPs before they emerge as the Next Big Thing, which allows them to react faster and more efficiently. In terms of threat hunting, this means that when big stories break, the MSSPs have often already proactively conducted one or more hunts for those behaviors and can answer those questions quickly.
MSSPs and MDRs Have the Necessary Skills and Resources
Threat hunting is one of the most technically demanding fields in the cyber security industry. It not only requires years of experience, but it also requires specialized skillsets that are often in high demand and come at considerable cost. However, MSSP and MDR providers are wholly focused on providing security and are often able to secure those resources more easily. This means that their customers can benefit from those highly technical resources that are able to conduct threat hunts without the need to keep those resources fulltime.
The Challenge of Threat Hunting in MSPs
While MSPs can offer organizations significant benefits, especially where threat hunting is concerned, these organizations do face some unique challenges as well. One of the most common challenges MSPs can face when threat hunting is understanding a client’s environment. This is not exclusively a limitation of MSPs – indeed it is a complaint almost every security practitioner has uttered – but it can be exacerbated by the “digital distance” found between an MSP and its clients. However, this challenged can be managed by clients forging close relationships with their MSPs and ensuring that there are resources available when a threat hunter gets in contact with them.
Another challenge around threat hunting more generally is content. A reality that most MSPs face is that no two clients are even remotely the same, with different security products, platforms, and appliances in their environment. This means that building threat hunting content is often far more time-intensive and complicated than in other more homogenous environments. However, this challenge can be alleviated using threat hunting content platforms that can provide the threat hunting content quickly and efficiently for a wide array of security tools.
Managed service providers can offer fantastic economies of scale for organizations of all sizes when it comes to security, but this is especially true for more advanced services like threat hunting.
Want to try out a threat hunting content platform in your MSSP or MDR environment? Sign up for a FREE community account on the HUNTER threat hunting content platform using the promo code ‘MSP,’ today!