A threat hunter, also called a cybersecurity threat analyst, is a security professional, or a provider of security professional services, that proactively uses manual or machine-assisted techniques to detect security incidents that may elude automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise never find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against cyberattacks.
To detect a security incident an automated system might miss, a threat hunter draws on critical-thinking skills and creativity. A threat hunter must also stay current with the latest security research and be able to communicate findings effectively. In addition, a threat hunter needs considerable business knowledge and an understanding of normal enterprise operations, because network behavior anomalies can only be recognized against a baseline of what is normal for that enterprise.
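The following is an added illustration, not code from the TechTarget article, of what a small machine-assisted hunt looks like in practice: a baseline of normal per-host behavior is compared against observed connection records, and deviations are surfaced for a human hunter to triage. The baseline, the hosts, the ports, the volume threshold and the log lines are all constructed sample data; in a real SOC the baseline would be derived from historical flow or proxy data.

```python
# Added example (not from the TechTarget article): a baseline-driven hunt over
# constructed connection records. Every host, port, threshold and log line
# below is invented sample data, chosen only to show the technique.

from collections import defaultdict

# Constructed baseline: the destination ports each internal host normally
# uses, as observed during a known-good period (assumption: a real SOC would
# build this from historical flow or proxy logs rather than hard-code it).
BASELINE = {
    "10.0.1.10": {443, 53},        # workstation
    "10.0.1.11": {443, 53},        # workstation
    "10.0.2.5":  {443, 53, 5432},  # app server that talks to a database
}

# Constructed connection log: timestamp src dst dport bytes_out
LOG_LINES = """\
2024-03-01T09:00:01 10.0.1.10 203.0.113.7 443 1200
2024-03-01T09:00:05 10.0.1.11 203.0.113.9 443 900
2024-03-01T09:01:12 10.0.1.10 198.51.100.4 53 80
2024-03-01T09:02:40 10.0.1.11 198.51.100.22 2222 15000
2024-03-01T09:03:10 10.0.2.5 10.0.3.20 5432 3000
2024-03-01T09:03:15 10.0.2.5 203.0.113.50 443 52000000
2024-03-01T09:04:00 10.0.9.99 203.0.113.7 443 500
"""


def parse_line(line):
    """Split one whitespace-separated record into a dict with typed fields."""
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}


def hunt(lines, baseline, volume_threshold=10_000_000):
    """Return (finding_kind, event) pairs for a hunter to review.

    Three hunting hypotheses are encoded here:
      1. new_port:     a known host uses a destination port absent from its baseline;
      2. unknown_host: a source host with no baseline at all appears (unknown
                       or unmanaged asset);
      3. high_volume:  a single connection moves more data than the threshold,
                       even on a port that is otherwise normal for that host.
    None of these is proof of an incident; each is a lead that needs human judgment.
    """
    findings = []
    for raw in lines.strip().splitlines():
        ev = parse_line(raw)
        if ev["src"] not in baseline:
            findings.append(("unknown_host", ev))
            continue
        if ev["dport"] not in baseline[ev["src"]]:
            findings.append(("new_port", ev))
        if ev["bytes"] > volume_threshold:
            findings.append(("high_volume", ev))
    return findings


def summarize(findings):
    """Count findings by kind so the hunter can see where to start."""
    counts = defaultdict(int)
    for kind, _ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    results = hunt(LOG_LINES, BASELINE)
    for kind, ev in results:
        print(f"{kind:12s} {ev['ts']} {ev['src']} -> {ev['dst']}:{ev['dport']} "
              f"({ev['bytes']} bytes)")
    print(summarize(results))
```

The point of the example is the division of labor the article describes: the script applies the hunter's hypotheses mechanically across every record, but deciding which baseline is realistic, which deviations matter and what the business context of a flagged host is remains the analyst's job.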
The threat hunter in the organization
Threat hunters typically work within a security operations center (SOC), which takes the leading role in an enterprise's threat detection and incident response activities. Threat hunting may be assigned as an additional duty to one or more security engineers within a SOC, or a SOC may dedicate security engineers to full-time threat hunting duties. Additional options include rotating security engineers into the threat hunting role on a temporary basis and then having them return to their usual jobs within the SOC.
Internally, management of threat hunters typically falls under the authority of an organization's CISO, who works in conjunction with the CIO to coordinate enterprise security. Those individuals charged with managing threat hunters should ensure they have appropriate monitoring tools, access to data, access to emerging-threat research and ongoing training.