The Kaspersky Threat Hunting Service is a more proactive reworking of an older offering, designed to meet extreme demand, particularly from midmarket customers.
Today, cybersecurity vendor Kaspersky is announcing the launch of its new Kaspersky Threat Hunting Service, which is designed to be offered by MSPs without cybersecurity skills but can also fit specific use cases for MSSPs or VARs.
“The objective of a managed threat hunting service is timely detection,” said Rob Cataldo, Managing Director for Kaspersky North America. “These attacks are typically carried out by known groups, and our specialized skill set and heritage of tracking these actors allow for an effective response against them. Partners are excited that we are now offering this level of service and assurance of 24-7 monitoring on an outsourced basis.”
Kaspersky has offered a similar service before, but the Threat Hunting Service is much more proactive.
“We had offered a form of this in the past, with Kaspersky Managed Protection, but it falls more into the realm of security monitoring, which is what a lot of MSSPs do today, and which is essentially reactive,” Cataldo said. “Kaspersky Threat Hunting Service has been enhanced, to be much more proactive, and to inform the customer of an incident at the very onset of a targeted attack.”
The SOC that Kaspersky will use for this service has been in place for years.
“We have used the SOC to help interpret some of the anomalies we would detect in some of the regular telemetry data, for assessment of incident response and digital forensics,” Cataldo indicated.
The service integrates several components. Kaspersky products send their telemetry to the Kaspersky Security Network, and that telemetry is analyzed in the SOC using more than 700 constantly updated proprietary TTP-based ‘hunts’ tailored to the customer’s environment. All detections are further validated and prioritized by Kaspersky’s threat hunting team to ensure a timely response. After investigation, customers receive incident alerts and a comprehensive guide to incident response in the dedicated threat hunting portal. Response options can then be initiated through an EDR agent.
Demand for this kind of service is very high, Cataldo said.
“One of the trends we are looking at in the US and Canada is that the midmarket in particular is being more heavily targeted by adversarial groups,” he noted. “Most experts are predicting big increases in cyberinsurance premiums, as regulations increase and more companies need to buy policies to hedge risk. The trend also remains that the midmarket is ill-equipped to handle those threats. Timely detection requires the right tools and skilled staffing. Some parts of this market have one – the tools – but usually not the staff, which is hard to find and retain, and is expensive.”
While MSPs are the primary audience for this, Cataldo said it will fit into some MSSP business models as well.
“You do not require a specialized cybersecurity skillset to provide this service to the end customer, but for MSSPs who manage licensing, who are more heavily involved in value-added service level agreements, or who provide additional response services to mitigate findings of the SOC analysts, our core service would make sense for them,” he indicated. “It could suit a VAR scenario as well, for the right customer with the right business needs. Any of our partners can be super excited about this.”
Kaspersky has an array of support programs in place to help partners sell the new offering.
“We have a host of different activities to assure they can position it to their customers,” Cataldo indicated. “Social media videos are available. We have global training on March 17 that all partners have been invited to. Our personal account managers have been scheduling training with managed partners, and there will be ongoing Kaspersky webinars from headquarters. We also have initiated digital campaigns to produce leads.”