Threat Hunting and Incident Response

In today’s distributed IT environments, proactive security strategies are critical to quickly identifying and mitigating threats. For that reason, evaluating an MSSP must include an evaluation of their threat hunting capabilities. This is not always so easy to do because the true test of threat hunting is to see it in practice. A good threat hunter thinks like a hacker and draws on multiple sources of proprietary and open source threat intelligence to inform their process as they identify and respond to threats.

To find out more about the challenges involved in effective threat hunting, Mighty Guides sent the following survey question to about 3,000 security professionals:

Which is the most difficult aspect of threat hunting?

1. Choosing the right set of threat intelligence feeds
2. Analyzing threat intelligence
3. Rapidly responding to potential threats
4. Researching identified threats
5. Automating threat isolation and analysis

Here are the respondents’ answers:

To provide good threat hunting services, an MSSP needs to have threat intelligence that is relevant to your area of business, they need to have good detection and reporting tools, and they need to have people with good threat hunting skills. When evaluating MSSPs, you should have them walk through their process and see exactly what technologies they use, and how they use them.

Go to Chapter 4 of this eBook: "7 Experts Share Key Questions To Ask When Evaluating Providers" to learn more about how to evaluate MSSP threat hunting capabilities.