Sophia Harrison 12.7.2021 5 min read

Dollars and Sense: The True Value of Our Human ThreatOps Team

What do large enterprises, mid-market and small businesses all have in common?

The answer: they’re all vulnerable to a cyberattack. 

Unfortunately, this reality isn’t likely to change in the foreseeable future. But that doesn’t mean that you can’t or shouldn’t fight back. Preventive measures like security awareness training, data hygiene best practices and comprehensive antivirus software are critical frontline defenses in your security strategy. 

But what happens when a threat gets past those defenses?

This is where the value of a human ThreatOps expert comes into play. Our ThreatOps team consists of analysts, researchers and technical support—and each has a vital role to play in protecting your network.

The Unknown Unknowns

According to the 2021 DBIR Executive Summary, ransomware is now the third most common type of cyber breach, and the information industry is its number one target. While some malware and ransomware attack strategies are common enough that security solutions can easily detect them based on their digital footprint, the same can’t be said for new or previously unseen threats. 

These “unknown unknowns” will consistently evade detection. In fact, next-gen AV tools are usually programmed to fail open when confronted with these new attack methods so as not to disrupt business operations. 

Unfortunately, this is also true if your security strategy relies solely on automation or machine learning, as both are prone to false positives and are likely to leave critical gaps in your threat detection capabilities.

So how do you know if an attack is happening in your network?

Human expertise is a necessary complement to automation if you want to optimize threat detection and analysis. 

When our automated detector can’t tell if an event is good or bad, a human ThreatOps analyst begins a thorough investigation to determine if it’s malicious. The same applies if a Ransomware Canary is tripped. 

If the incident is found to be credible and it poses an actionable threat, a notification and an in-depth assessment report with detailed remediation steps are sent to you.

With Huntress, you’re never in the dark when it comes to your network’s security.

Expert Insight

When an attack occurs in your network, how do you determine if it’s real?

Most security solutions provide little more than a notification when an incident occurs. And that assumes that the incident you’ve been alerted to is legitimate, and not just a false positive. 

A security solution backed by a human-led ThreatOps team can:

  • Find the signal through the noise, ensuring that only verified threats warrant an alert
  • Provide the expert insight that you need after each critical threat to better understand existing network vulnerabilities and protect against future attacks

Our ThreatOps analysts don’t just report incidents. They verify the legitimacy of each alert so that you and your team can allocate time and resources to only the most urgent problems. If necessary, we isolate the infected host to prevent the infection from spreading across your network. Once an attack is verified and the infected host isolated, analysts send a detailed report with step-by-step remediation instructions so you know exactly how to correct the issue. If you’ve enabled auto-remediation, we do it for you.

Managed Antivirus, which utilizes Microsoft Defender—a top-ranked antivirus solution pre-installed on every Windows OS—provides management of and visibility into network activity. With it, analysts can see what attackers are doing as they try to move laterally through your network. This insight, coupled with human contextual analysis, empowers analysts to react to an attack before its main objective (e.g., ransomware, data theft, etc.) can be achieved.

Proactive Research & Development (R&D)

Is your security strategy proactive or reactive?

Keeping up with the constantly changing threat landscape is a challenge for companies of all sizes. But no matter how many solutions you add to your security stack, a proactive approach is still needed if you want to stay one (critical) step ahead of attackers.

A 2020 RSM Cybersecurity Report found that mid-market businesses are now “ground zero” for cyber threats—with 18 percent of those surveyed reporting a breach within the span of a year. And if you’re a small business owner, you’re not far behind, especially if you’re not up-to-date on your security maintenance. 

R&D is a vital part of the Huntress ThreatOps team.  

Researchers actively assess both internal and external trends in the threat landscape, which includes everything from the threats that analysts see in their investigations to the latest insider news about trending threats and the activities of attack groups. 

Has your system been infiltrated by a malicious persistent foothold?

Well, our researchers want to know how it happened and why. They use attack artifacts and forensic analysis to get to the root cause of the attacks that analysts see each day.

Was there an attack pattern? If so, what was it? How quickly did we detect it? 

These questions are top-of-mind for researchers as they look for ways to further our detection and prevention capabilities. Hackers and bad actors are always looking for ways to improve the effectiveness of their attacks. And so are we—with R&D experts leading the way. 

Support When You Need It Most

When it comes to cybersecurity, no solution can protect you 100 percent of the time. So when an attack does occur, the speed and decisiveness with which you react can be the difference between a minor inconvenience and a four-alarm fire. 

And if you have limited security personnel and resources, you want to be certain that a critical alert is just that.

Our ThreatOps analysts only alert you once a critical incident has been confirmed. 

Likewise, with 24/7 threat hunting from the U.S./Canada to the UK and Australia, analysts are keeping an eye out for threats on weekends, holidays and even in the middle of the night, when attacks are most likely to occur. In some cases, they can even detect and isolate an attack before it reaches hosts in another part of the world.

But the support doesn’t end there. 

If an incident is considered extremely critical, our human ThreatOps team is all-hands-on-deck. We’ll reach out to you (no matter what time it is) to make sure that you’re aware of what’s going on so you can investigate and figure out how best to communicate the issue to clients.

Jennifer Vanderweir, President of F1 Solutions, experienced this during the July 2021 Kaseya incident. The attack served as a wake-up call for her, resulting in the timely decision to increase the number of endpoints covered by Huntress from 500 to almost 5,000. 

Having your security stack backed by human expertise is crucial in the fight against hackers and bad actors. They're bringing their A-game to the table—and so should you. 

Let our ThreatOps experts be your secret weapon. 

To learn more about how the Huntress Security Platform can help you take your security stack to the next level, register to attend our next live product demo.

Sophia Harrison

Polymath. Globe trekker. Former Product Marketing Manager at Huntress.