
Digital Guardian's Blog

Improving Threat Hunting with Managed Security Services



Our Guide to Threat Hunting series concludes with tips for using managed security services to bolster your threat hunting program.

Over the past few weeks our Guide to Threat Hunting series has covered the fundamentals of threat hunting, what you should do to prepare to hunt for threats, the tools and skills you’ll need for threat hunting success, and how to navigate the five stages of threat hunting. Today we’re concluding the series with an article on a valuable asset to any threat hunting program: managed security services.

When do Managed Security Services Make Sense?

If any of these apply to your organization, it may make sense to outsource or augment your threat hunting and/or incident response team with managed security services:

  • Security talent shortage: The severe security talent shortage, especially for cybersecurity professionals, is preventing you from finding and retaining the people you need to build a threat hunting or IR team.
  • Headcount challenges: The political climate of your organization makes it difficult to gain approval for the 3-5 people you need to build an effective threat hunting or IR team.
  • Complexity of staying on top of sophisticated threats: Modern malware is sophisticated, targeted, and difficult to detect. According to Verizon’s latest Data Breach Investigations Report, companies on average went more than 200 days between the time they were breached and the day they discovered the incident. As attacks (and attackers) get smarter, preventing the loss of sensitive data on your own gets harder and harder.

Building the Business Case for Managed Security Services

Engaging a managed security service provider will require organizational buy-in, from IT and security leadership to your CFO or even CEO. So where do you start in building the business case for hiring an MSSP?

Never let an incident go to waste! If your team doesn’t have the correct resources or adequate funding, I always recommend leveraging each and every incident as an opportunity to build your case. Go to upper management and say this: “The breach or incident that just occurred was a result of lacking a more robust security program with layered controls. In order to be more effective at detecting/preventing future attacks, we need A, B, and C.”

When I first started out doing this type of work at my last job, we operated on a shoestring budget. I was on a team of one: just me. There was no one to rely upon, so I started to develop our capabilities myself. But as soon as we had our first incident or two, that’s when I was able to start building a case for a budget and adding on to our architecture. Following those initial incidents we implemented passive defense tools and then developed active defense procedures through people, process, and technology. Finally, we strived for a data-driven defense process that was based on intelligence, and ultimately the individuals at the top understood the value of a cybersecurity investment when I reported metrics on the number of breaches we prevented.

Digital Guardian’s Managed Security Program for Advanced Threat Protection

As director of cybersecurity at Digital Guardian, I have the job of leading our Advanced Threat Protection Managed Security Program. The program combines security researchers and analysts’ expertise, Digital Guardian’s Next Generation Data Protection Platform, and a centralized threat intelligence management system. This combination enables Digital Guardian to detect and remediate threats faster and more efficiently. You can expect the highest level of protection from threats including polymorphic malware, zero-day attacks, advanced persistent threats (APTs), ransomware, and attacks involving sophisticated data theft methods.

You can learn more about our managed service program here and here, and for more threat hunting tips, check out our eBook: Stopping Cyber Threats - Your Field Guide to Threat Hunting.

Read More in our Guide to Threat Hunting Series

  1. The Building Blocks of Threat Hunting: Understanding Cyber Threats and the Threat Lifecycle
  2. Getting Ready to Hunt for Threats
  3. The Top Tools and Skills for Threat Hunting Success
  4. Navigating the Five Stages of Threat Hunting
  5. Improving Threat Hunting with Managed Security Services
Tim Bandos


Tim Bandos, CISSP, CISA is Vice President of Cybersecurity at Digital Guardian and an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity realm at a Fortune 100 company with a heavy focus on Internal Controls, Incident Response & Threat Intelligence. At this global manufacturer, he built and managed the company’s incident response team. Tim has a wealth of practical knowledge gained from tracking and hunting advanced threats targeted at stealing highly sensitive data.