The MSSP Buyer Guide to Threat Intelligence and EASM Services 

We’re all familiar with software as a service or platform as a service, but what about Cyber-Crime-As-A-Service?  It’s not just the sheer quantity of cyber threats that is increasing at alarming rates, it’s the methods and ease at which cybercriminals are finding to deploy attacks.,  

The MSSP Need for Threat Intelligence

More and more individuals with little to no technical skills are entering the cyber-crime industry, which means MSSPs need to go beyond the traditional tools and security products to keep their clients safe. With the right MSSP Threat Intelligence solution they can be proactive in protecting their customers’ most critical assets.  

According to an October 2022 survey on  threat intelligence, querying 208 IT security and compliance professionals, conducted by MSSP Alert,  91% said, “they used threat intelligence at some level. A large majority of respondents (70%) said security operations had become among their top use cases for threat intelligence. Most (64%) also said they used threat intelligence to increase the utility of the vulnerability-management process. Other top uses for threat intelligence included incident response (53%) and risk analysis (53%).”  

When an MSSP leverages a Cyber Threat Intelligence solution they can help customers;  

• uncover more customer assets faster and easier  
• Identify threats BEFORE they happen 
• Gain fully enriched context to vulnerabilities to make faster and more informed decisions
• Provide preemptive protection against a broad range of threats and attacks

In previous years, when the cyber threat landscape wasn’t as hostile, only the biggest companies needed to worry about some of these advanced threats (like impersonation, leaked creds, etc).  But now, these threats are starting to affect businesses of all sizes, with more companies in need of an MSSP Cyber security solution that covers more than just Threat Intelligence, but includes Digital Risk Protection, Attack Surface Monitoring and Supply chain Intelligence.  

As stated in SC Media, Tony Cook, senior director of digital forensics and incident response and threat intel at GuidePoint Security, believes, “managing threat intelligence can overwhelm small and medium-sized security teams. This typically requires expertise, and complex systems that are only practical for large enterprises with specialized threat intel analysts.”  

To overcome these growing challenges, MSSP’s can seize the opportunity to help their customers manage threat intelligence more effectively, using high fidelity threat intel and alerts that are fully enriched with needed context, limiting the amount of time it takes to triage, investigate, respond, and eliminate the threat.    

What should an MSSP look for in a Cyber Security Solution?

As fast as cyber criminals are trying to wreak havoc, the number of companies entering the threat intelligence and enterprise attack surface management space has doubled, begging the question, what should an MSSP look for in a complete cyber security solution?  

Three main questions we recommend starting with are:

• Will it help me to ensure the security of my clients’ networks, infrastructure, and data?  
• Will it reduce or increase the workload of my team – will it aid efficiency? 
• Does the provider cover Threat Intelligence, Attack Surface Management, Digital Risk Protection, Supply Chain Intelligence?  

According to TechTarget, “The main purpose of threat intelligence is to show organizations the various risks they face from external threats, such as zero-day threats and advanced persistent threats (APTs). Threat intelligence includes in-depth information and context about specific threats, such as who is attacking, their capabilities and motivation, and the indicators of compromise (IOCs).”  

Several threat intelligence solutions are on the market today offering digital risk protection and attack surface monitoring, but few have also addressed the issue of supply chain intelligence. Adding Supply Chain Intelligence into a CTI solution gives MSSP’s insights not just into their customer’s domain and risk exposure, but insights into the vendors the organization has deployed.  

Security leaders can run a world-class cybersecurity program and still fall victim to a breach through an insecure third-party technology, vendor, or supplier. In fact, 62% of system intrusion attacks are through the supply chain. Because these digital supply chain risks can undermine many other security investments and practices, it is essential to understand mitigate these third-party risks to the greatest extent possible.   

The True Value of an Encompassing Threat Intelligence Offering

The true value comes when MSSPs can provide this level of security to clients, while reducing the workload on their team by increasing efficiency.  A true MSSP Threat Intelligence offering will cover CTI, DRPS, EASM and SCI use cases ranging from Phishing sites, brand abuse, exposed credentials, high-risk CVE’s to vendor risk assessment (just to list a few).   

However, with an increase in use case coverage, comes the need for accurate intel. – irrelevant alerts will waste time (and decrease trust).  To reduce false positives, you need context and assistance. Alerts need to arrive quickly and with insightful context so immediate threats can be handled quickly and efficiently. Lastly, MSSP’s should have 24/7 assistance with team members from their threat intelligence solution to help assist with any queries and investigations.