Tad Dickie, VP & CSO, Colonial Companies
“It’s possible to do threat-hunting proofs of concept with MSSPs that demonstrate their capabilities and detail what you need to fulfill your threat-hunting requirements.”
Evaluating threat-hunting capabilities is challenging because that’s one of those things that improves as you work with the provider to tune those processes. A key part of the provider’s service is threat intelligence. Everybody advertises threat intelligence because they have some form of it, but you should evaluate its quality and relevance to your organization, targets, and stakeholders. If an MSSP can’t provide that, its threat intelligence likely will not be leverageable for your threat-hunting needs.
It’s possible to do threat-hunting proofs of concept with MSSPs that demonstrate their capabilities to fulfill your threat-hunting requirements. A vendor might identify that its threat intelligence may not meet expectations. That situation doesn’t fulfill your threat intelligence requirements, but it’s a sign you are dealing with a trustworthy vendor. Keep in mind threat hunting is evolutionary. Leading-edge vendors have automated components of their threat-hunting capabilities to speed response. The more a team works with an MSSP, the more noise will be reduced and the finer tuned your security operations become. As your tools and threat-hunting process mature, it’s likely to raise expectations for an even higher level of quality in threat intelligence.
Key Question to Ask:
Can the MSSP detail how it would work with your threat-hunting program based on your specific parameters?
This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers. This series was generously sponsored by BlueVoyant.