Home » Security Bloggers Network » Considerations when Outsourcing Threat Hunting

Considerations when Outsourcing Threat Hunting

by Lester Obbayi on July 20, 2018

Introduction

Threat hunting has become a fundamental security process within organizations. It targets threats that might have been missed by traditional detection methods like as firewalls, intrusion detection systems, malware sandboxes and SIEMs. This article covers the various considerations that need to be taken when outsourcing or developing an internal threat-hunting program.

Internal vs. External Threat Hunting

Internal threat hunting differs from external threat hunting in that it is an internally-managed function within the organization. The security department constitutes an incident response (IR) team that is responsible for handling and hunting threats that might plague the organization. Normally, a balance must be struck between human skill set and detecting tools to allow for an effective team.

Organizations that lack a threat-hunting function might seek to outsource it to cybersecurity companies that offer such services. This externally-managed function is what is known as external threat hunting. Internal and external threat hunting each have pros and cons that should be discussed.

Pros of an Internal Threat-Hunting Function

Having your own threat hunting function within your organization has a couple of pros to it. They include:

Cost-effectiveness

Compared with outsourcing threat-hunting functions to a third-party cyber-security company, assembling an internal threat-hunting team means you size of the team to work with and the necessary tools to use. If you like, you can gather these assets at a lower cost.

Sponsorships Available

Ability to streamline

Internal hunting teams are normally compact in size. This allows you to streamline the hunting process by defining the datasets that are most critical and thus require the most attention. This allows your team to work efficiently and effectively.

Reduced infection dwell time

Hunting allows you to reduce the amount of time infections may dwell within your organization undetected, effectively preventing an otherwise catastrophic breach.