Definition

threat hunter (cybersecurity threat analyst)

Contributor(s): John Moore and David Bianco

A threat hunter, also called a cybersecurity threat analyst, is a security professional or security professional service provider that proactively uses manual or machine-assisted techniques to detect security incidents that may elude automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against cyberattacks.

In order to detect a security incident an automated system might miss, a threat hunter uses critical-thinking skills and creativity. It's also important for a threat hunter to keep current on the latest security research and be able to communicate effectively. In addition, a threat hunter must have considerable business knowledge and an understanding of normal enterprise operations in order to be able to detect network behavior anomalies.

The threat hunter in the organization

Threat hunters typically work within a security operations center (SOC), which takes the leading role in an enterprise's threat detection and incident response activities. Threat hunting may be assigned as an additional duty to one or more security engineers within a SOC, or a SOC may dedicate security engineers to full-time threat hunting duties. Another option is to rotate security engineers into the threat hunting role on a temporary basis and then have them return to their usual jobs within the SOC.

Internally, management of threat hunters typically falls under the authority of an organization's CISO, who works in conjunction with the CIO to coordinate enterprise security. Those charged with managing threat hunters should ensure that the hunters have appropriate monitoring tools, access to data, access to emerging-threat research and ongoing training.

This was last updated in April 2017
