Small businesses have traditionally invested in the basic fundamentals of cyber prevention. With the marketing of next-generation this and that, SMB owners were convinced they were impenetrable, protected, and able to keep hackers out.
Last year, with more than half of North American SMBs reporting incidents where basic defenses were in place, we can quickly conclude – prevention alone doesn’t work.
Today, RocketCyber is introducing two additional free RocketApps for Managed Service Providers: Threat Hunting and On-demand Threat Hunting Analysis. These enable MSPs to deliver multi-tenant threat hunting from the cloud to the endpoint and arm SOCs with incident response capabilities.
What is Threat Hunting?
Simply put, threat hunting is the process of proactively searching for threats, intrusions and malicious activity that indicate signs of intent, or have already circumvented security defenses.
Historically, the conventional approach when an intruder is inside your network has been to wait for an alert notification. Unfortunately, the wait time can be months to years. In fact, the average notification time for detecting an intruder at small businesses last year was 206 days. Ironically, most notifications came from external sources such as business partners or cybercrime enforcement.
With threat hunting as a service, proactive detection of malicious and suspicious activity reduces this dwell time to near real-time, and in many cases before an actual incident or breach occurs. Dwell time is the period between “the moment an adversary gains a foothold and the actual detection of the attacker’s existence”. SMBs cannot afford to wait months or years to learn that an attacker is inside their network. From the moment of unauthorized entry, the cost and impact of the incident increase by the second.
Threat Hunting Built for MSPs
RocketCyber enables MSPs to deliver multi-tenant hunts and provides several RocketApps to get your Threat Hunt offering kickstarted. A multi-tenant hunt applies your investigation, search or query across all SMB customers under management.
On-demand Threat Hunting – Developed for speed and common hunts to query URLs, Processes, File Names and Hashes.
Threat Hunting – Designed for advanced, conditional hunts and more in-depth investigations with over 17 different configurable methods to choose from. Examples include the 4 mentioned above in addition to hunting for DNS Cache Entries, Windows Events, Network Connections, Services, Registry Keys and more.
Threat Intelligence Feeds – Integrated feeds from popular third-party threat intelligence vendors enable MSPs to define hunt characteristics, providing a reference for which data points to hunt for. Includes attack trends and tactics, techniques and procedures (TTPs) to save for automated hunting hypotheses.
Threat Hunting can now be leveraged by all MSPs regardless of size. The good news is that hunting helps reduce dwell time, improves incident response and enhances security operations center efficiency.
To get started with RocketCyber's Threat Hunting for Free: