WatchGuard Blog

Why should you include threat hunting services in your portfolio?

As mentioned in our previous blog post about threat hunting, there is significant interest in it. In fact, according to Pulse, 32% of IT leaders say that their organizations plan to reinforce their endpoint security posture by adding a threat hunting program to their overall security strategy.

And it is not surprising since it is a potent tool to defend your customer. Here we have some of the key benefits that hunting brings to your value-added services:

  • Allows for the timely discovery and disruption of internal and external threats that have bypassed technology-based controls before a breach. It augments existing technology-based controls with human-layer expertise.
  • Augments security technologies with human expertise to reduce the dwell time. Hunting leverages human experience to see and stop advanced attacks that might otherwise linger unseen for days, weeks, or even months. It shortens the dwell time and it's the key to reliably stopping breaches.
  • Arms security teams with insights required to disrupt adversaries at scale. While hunting operations occur at the beginning of the process, finding those unknown threats is still only half the battle. When it is performed effectively, a highly structured threat hunting program arms the security teams with the insights they need to disrupt threats.
  • Feeds the continuous effort to reduce the attack surface and improve automated detection capabilities. New patterns must be leveraged to improve detection capabilities, leaving threats with nowhere to hide.

What are the primary goals that any threat hunting service should fulfill?

According to a Cybersecurity Insider’s Threat Hunting Report, based on a survey of cybersecurity professionals conducted in February 2021, organizations highlight a broad range of goals they expect to fulfill with their threat hunting program or any related service.

However, reducing exposure to external threats was named by more than half of the organizations surveyed (51%), followed by reducing the number of breaches and infections (45%) and reducing attack surface (43%). In summary, businesses that plan to reinforce their endpoint security posture will adopt a threat hunting program into their overall security strategy.

Ready to take your security services to the next level?

Those MSPs that are considering taking advantage of the opportunity and starting up a hunting service should evaluate the following:

  1. No organization is immune, regardless of size, vertical, or location. Every organization is a target, irrespective of where it is located and the vertical you operate in.
  2. Threats are moving faster than ever before. Remember the speed at which threats are operating and evolving.
  3. Therefore, threat hunting is now a must-have for every organization, and it is no longer a nice-to-have. The opportunity to provide the value-added service of threat hunting is relevant.
  4. Speed, scale, and consistency are critical. Hunting needs to be able to be conducted with speed and scale. And that requires structured, repeatable processes, mature technologies, long-term visibility, and threat hunters backed by deep expertise, knowledge, and threat intelligence.
  5. Structure your hunts using the MITRE ATT&CK framework. WatchGuard solutions come fortified with many ATT&CK techniques identified, thus enabling the security team to focus its efforts on dealing with security threats leveraging the well-defined information provided by the framework and extended by our cybersecurity team.
  6. Capitalize on the opportunity. It's always easier to sell to existing customers, and endpoint security services are no exception. Partners already offering security services will find WatchGuard EDR, WatchGuard EPDR, and the Threat Hunting Service as a natural extension to their current service offering.
  7. If you cannot do this in-house, consider our Threat Hunting Service. Finally, if you can't do this in-house, make sure you partner with a vendor that can. Choosing the right one can simplify core service delivery and new managed security services over time.

Our Threat Hunting Service, included in WatchGuard EDR and WatchGuard EPDR, is a powerful tool that enables MSPs to add a hunting service as part of their offering. It allows the detection of threats before damage is done and improves defenses against future attacks on their customers.

Learn how you can extend your services by adding this service by reading our latest eBook Your threat hunting service program simplified with WatchGuard and start the threat hunting service path with WatchGuard Advanced Endpoint security