In today’s distributed IT environments, proactive security strategies are critical to quickly identifying and mitigating threats. For that reason, evaluating an MSSP must include assessing its threat hunting capabilities. This is not always easy to do, because the true test of threat hunting is to see it in practice. A good threat hunter thinks like a hacker and draws on multiple sources of proprietary and open-source threat intelligence to inform their process as they identify and respond to threats.
To find out more about the challenges involved in effective threat hunting, Mighty Guides sent the following survey question to about 3,000 security professionals:
Which is the most difficult aspect of threat hunting?
Choosing the right set of threat intelligence feeds
Analyzing threat intelligence
Rapidly responding to potential threats
Researching identified threats
Automating threat isolation and analysis
Here are the respondents’ answers:
To provide good threat hunting services, an MSSP needs threat intelligence that is relevant to your area of business, good detection and reporting tools, and people with good threat hunting skills. When evaluating MSSPs, you should have them walk through their process so that you can see exactly what technologies they use and how they use them.