How are IT leaders and their MSPs approaching threat hunting?
Implementing robust security defense strategies helps mitigate the risk of cyberthreats in the early stages of an attack. Threat hunting is a key part of this strategy, enabling organizations to block unknown threats that slip through security controls and lurk in their networks.
However, effective threat hunting takes time and resources that many organizations simply do not have in-house. Check out this blog post to learn more about the challenges organizations face in adopting threat hunting in their security programs.
Managed security service providers enable a wide array of proactive security capabilities, including alert monitoring, prioritization, investigation, and threat hunting. They use sophisticated endpoint and network detection and response solutions, applying artificial intelligence models to correlate and prioritize advanced threats.
However, these services are complex, requiring skilled personnel, technologies, and processes, and are not always cost-effective for security service providers. Pulse and WatchGuard surveyed 100 information security leaders at managed security service providers (MSSPs) to find out how organizations mitigate this complexity to provide cost-effective managed threat hunting services to their customers.
MSP challenges in Threat Hunting
They face three main challenges: poor efficiency of security solutions, which makes them waste too much time on false-positive alerts, and a lack of the security skills and processes needed to efficiently hunt, detect, prioritize, investigate, and respond.
MSPs’ investments in proactive security services
Most leaders at MSPs (62%) invest in more skilled staff, while 52% invest in better EDR/NDR solutions. These are considered the most impactful investments for improving the threat hunting practice, especially for larger security service providers.
MSP Threat Hunting maturity level
46% of MSPs provide proactive threat hunting services to detect unknown threats that have bypassed security controls. 55% of respondents consider their threat hunting practices mature or very mature.
Most Threat Hunting approaches rely on EDR
73% of the MSPs use EDR solutions as part of their threat hunting approach, and 55% use NDR solutions. 45% consider endpoint activity the most valuable data source when hunting and investigating incidents.
The WatchGuard report, “The state-of-the-art threat hunting in MSPs”, provides an in-depth analysis of MSPs’ adoption, challenges, and maturity level when providing threat hunting services to their customers.
WatchGuard Endpoint Security is a cloud-native, advanced endpoint security portfolio that protects businesses of any kind from present and future cyberattacks. Its flagship solution, WatchGuard EPDR, powered by artificial intelligence, immediately improves the security posture of organizations. It combines endpoint protection (EPP) and detection and response (EDR) capabilities with Zero-Trust Application Service and Threat Hunting Service to help MSPs efficiently provide automated prevention, detection, and response services with end-to-end threat hunting services.
You can also learn more by reading our latest eBook, “Are you ready to take your managed security service to the next level?”, and start your threat hunting path with WatchGuard Advanced Endpoint Security.