MSPs Have Unique Advantages in Threat Hunting — Strength in Numbers

MSSPS AND MDRS OFFER ECONOMIES OF SCALE AND PIVOTING

The first major advantage that MSP firms have in terms of threat hunting is also their major advantage generally: economies of scale. With MSSPs and MDR firms focusing solely on security, they can deliver those services at a cost below what organizations might pay to in-house them. This is also true for threat hunting, but this economy of scale isn’t limited merely to financial benefits. As these specialized security providers often service dozens, hundreds, and even thousands of clients, they can quickly pivot a successful and fruitful hunt in one client to another (and another, and another… you get the idea). This means that threat hunting provided by MSPs can function similarly to a neighborhood watch: you don’t just benefit from your security and services, but from all their clients.

MSPS OFFER FASTER REACTION TIMES

Anyone who has lived worked in a Security Operations Center knows what it is like when the Next Big Thing™ starts scrolling across the news media’s chyron. The calls and emails may start by trickling in, but that trickle quickly turns into a deluge of people asking: “are we protected?” and “have we been compromised?”, and suddenly it seems like mass panic has set in. However, managed service providers often have teams that actively monitor industry news to identify new malware, vulnerabilities, exploits, and TTPs before they emerge as the Next Big Thing, which allows them to react faster and more efficiently. In terms of threat hunting, this means that when big stories break, the MSSPs have often already proactively conducted one or more hunts for those behaviors and can answer those questions quickly.

MSSPS AND MDRS HAVE THE NECESSARY SKILLS AND RESOURCES

Threat hunting is one of the most technically demanding fields in the cyber security industry. It not only requires years of experience, but it also requires specialized skillsets that are often in high demand and come at considerable cost. However, MSSP and MDR providers are wholly focused on providing security and are often able to secure those resources more easily. This means that their customers can benefit from those highly technical resources that are able to conduct threat hunts without the need to keep those resources fulltime.

THE CHALLENGE OF THREAT HUNTING IN MSPS

While MSPs can offer organizations significant benefits, especially where threat hunting is concerned, these organizations do face some unique challenges as well. One of the most common challenges MSPs can face when threat hunting is understanding a client’s environment. This is not exclusively a limitation of MSPs — indeed it is a complaint almost every security practitioner has uttered — but it can be exacerbated by the “digital distance” found between an MSP and its clients. However, this challenged can be managed by clients forging close relationships with their MSPs and ensuring that there are resources available when a threat hunter gets in contact with them.

CONCLUSION

Managed service providers can offer fantastic economies of scale for organizations of all sizes when it comes to security, but this is especially true for more advanced services like threat hunting.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cyborg Security

Cyborg Security

452 Followers

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.