CV_MarApr_22

discovered in a recent Pulse survey, more than half of IT organizations face budgetary constraints and a lack of cybersecurity expertise when establishing a threat hunting strategy. With roadblocks such as these, is it any wonder organizations are approaching managed service providers to take on their threat hunting activities?

This is a huge opportunity for MSPs. Threat hunting can add incredible value to their customers’ cybersecurity postures, such as:

• Speedy threat response. A human-driven approach enhances existing tech-based controls before a breach can take place.
• Shortened investigation time. Threats can go undetected for months or more sometimes. Threat hunting reduces dwell time and is essential to reliably disrupting breaches.
• Improved insights for security teams. When performed correctly, a successful threat hunting initiative arms security teams with effective insights to assist in gathering important data enabling teams to discover best practices and ward off future threats.
• Minimized attack surfaces and better automated detection. Threat hunting identifies new patterns, helping organizations enhance detection capabilities, leaving threats with nowhere to hide.

In order to correctly adopt threat hunting, organizations (MSPs included) must reconsider their security mindsets, looking beyond prevention and incident response to a proactive, up-to-the-minute response model. This starts with the assumption that organizations have already been breached and require 24/7 monitoring and remediation.

Additionally, there must be an exceptional level of visibility in any successful threat hunting program. At any moment in time, users and endpoints are generating valuable telemetry information about what’s going on across an organization.
While the majority of this telemetry is about legitimate activity, advanced technologies such as behavioral analytics and machine learning can uncover abnormal behaviors that may point to suspicious activity, in turn setting off a security alert. This process is based on automated analytics and requires specific technologies, processes and resources to be performed correctly.

Threat hunting runs in conjunction with this workflow. The primary function is to use data lake queries and specific tooling to acquire insights from the telemetry to automate new deterministic analytics. In threat hunting, security teams also can apply these new analytics to the telemetry, as well as put weak signals into context to streamline the identification of actual attacks.

While organizations once regarded threat hunting as a “nice-to-have” on their wish lists, it is quickly becoming a must-have across all industries. Considering how quickly threats are growing, hunting is no longer an option but a requirement for every organization to keep users and sensitive data safe and secure. With the addition of threat hunting to their service portfolio, MSPs can offer their customers this stronger level of protection and even more dependable threat detection, all before damage can be done, while fortifying defenses against future attacks.

Iratxe Vasquez is senior product marketing manager for Watchguard.

CYBER PATROL 28 CHANNELVISION | MARCH - APRIL 2022

[Figure: “Which of the following are the main benefits of threat detection and hunting efforts?” Source: Watchguard; Pulse. Categories: Reduce time to detect (prevent spread); Reduce attack surface exposure/hardened network and endpoints (i.e. misconfigurations exploited by threats); Increase accuracy of detections process and reduce false positives; Reduce exposure to external and internal threats; None of these. Values as printed: 77%, 75%, 64%, 57%, 0%.]

[Figure: “What are the primary barriers to the success of your current/future efforts to implement threat hunting?” Source: Watchguard; Pulse. Categories: Limitations of tools/technology; Budget constraints; Lack of security skills; Lack of defined processes; Organizational/leadership buy-in; Other. Values as printed: 65%, 53%, 51%, 45%, 21%, 0%.]
