Tuesday, July 3, 2018

Word of the Day: threat hunter

Word of the Day WhatIs.com
Daily updates on the latest technology terms | July 3, 2018
threat hunter (cybersecurity threat analyst)

A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs).

In order to detect a security incident an automated system might miss, a threat hunter uses critical-thinking skills and creativity to look at patterns of normal behavior and be able to identify network behavior anomalies. A threat hunter must have considerable business knowledge and an understanding of normal enterprise operations in order to avoid false positives and have good communication skills to share the results of the hunt. It is especially important for the threat hunter to keep current on the latest security research.

The threat hunter in the enterprise

The job of the threat hunter is to both supplement and reinforce automated systems. As the review process uncovers patterns for initiating attacks, the security organization can use that information to improve its automated threat detection software.
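The kind of hunt the two paragraphs above describe can be made concrete. The example below is added here and is not part of the original newsletter or of any vendor product: it runs a hunt hypothesis (a single host contacting a rare external destination at a fixed interval, the pattern of command-and-control beaconing) over a constructed proxy log, uses an allowlist of destinations the business already expects to see polled so the hunter does not chase false positives, and then turns a confirmed finding into a rule shaped for an automated system. The log lines, host names, domains, the `KNOWN_SCHEDULED` allowlist and the rule format are all assumptions made for illustration.

```python
"""Hunt for beacon-like outbound traffic in a constructed proxy log.

Hypothesis: a compromised host talks to a rare external domain at a
fixed interval (C2 beaconing). Such low-volume, regular traffic rarely
trips volume-based alerts, which is why a hunter looks for it by hand.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample log, "timestamp host destination bytes" (not real data).
SAMPLE_LOG = """\
2018-07-03T09:00:00Z ws-017 updates.vendor.example 4120
2018-07-03T09:00:00Z ws-017 intranet.corp.example 9800
2018-07-03T09:01:00Z ws-042 intranet.corp.example 10231
2018-07-03T09:05:00Z ws-017 cdn-7f3.example.net 512
2018-07-03T09:10:00Z ws-017 cdn-7f3.example.net 498
2018-07-03T09:15:00Z ws-017 cdn-7f3.example.net 530
2018-07-03T09:20:00Z ws-017 cdn-7f3.example.net 505
2018-07-03T09:25:00Z ws-017 cdn-7f3.example.net 511
2018-07-03T09:30:00Z ws-017 cdn-7f3.example.net 520
2018-07-03T09:00:00Z ws-042 updates.vendor.example 4008
2018-07-03T09:00:00Z ws-042 time.corp.example 200
2018-07-03T09:10:00Z ws-042 time.corp.example 200
2018-07-03T09:20:00Z ws-042 time.corp.example 200
2018-07-03T09:30:00Z ws-042 time.corp.example 200
2018-07-03T09:40:00Z ws-042 time.corp.example 200
2018-07-03T09:50:00Z ws-042 time.corp.example 200
2018-07-03T09:03:00Z ws-099 mail.corp.example 3001
2018-07-03T09:17:00Z ws-099 news.example.org 7700
2018-07-03T09:44:00Z ws-099 mail.corp.example 2877
"""

# Business knowledge (hypothetical allowlist): hosts here legitimately poll
# these destinations on a schedule. Without it the hunter would raise a
# false positive on the regular check-ins from ws-042.
KNOWN_SCHEDULED = {"time.corp.example"}


def parse_log(text):
    """Parse lines into (datetime, host, destination, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, size = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, host, dest, int(size)))
    return events


def find_beacons(events, min_hits=5, max_cv=0.2, max_prevalence=1,
                 allowlist=KNOWN_SCHEDULED):
    """Return (host, dest, mean_gap_seconds) for host->dest pairs that look like beacons.

    A pair is flagged when the host contacted dest at least min_hits times,
    the gaps between contacts are regular (coefficient of variation <= max_cv),
    at most max_prevalence hosts in the environment talk to dest, and dest
    is not a destination the business already expects to see polled.
    """
    times = defaultdict(list)
    hosts_per_dest = defaultdict(set)
    for when, host, dest, _ in events:
        times[(host, dest)].append(when)
        hosts_per_dest[dest].add(host)

    findings = []
    for (host, dest), stamps in times.items():
        if dest in allowlist or len(stamps) < min_hits:
            continue
        if len(hosts_per_dest[dest]) > max_prevalence:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        if pstdev(gaps) / avg <= max_cv:
            findings.append((host, dest, avg))
    return findings


def to_detection_rule(finding):
    """Turn a confirmed hunt finding into a rule an automated system can run.

    The rule shape is hypothetical; the point is that the hunt output (rare
    destination, fixed period) becomes the input to the detection tooling.
    """
    host, dest, period = finding
    return {
        "name": f"beacon-{dest}",
        "match": {"destination": dest},
        "period_seconds": period,
        "source": f"threat hunt, first seen on {host}",
    }


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit, to_detection_rule(hit))
```

On the constructed log the hunt flags only `ws-017` talking to `cdn-7f3.example.net` every 300 seconds; the equally regular `ws-042` traffic is suppressed by the allowlist, which is the "business knowledge" the definition calls for. Dropping the allowlist (`allowlist=set()`) shows why it matters: the scheduled time-sync traffic is then reported as a second finding.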

A 2017 SANS Institute report found more organizations are pursuing threat hunting initiatives, but notes the bulk of the growth is confined to vertical markets such as financial services, high tech, military and government and telecommunications. As of 2017, the field of threat hunting was still new for the majority of IT security organizations. The SANS Institute report noted 45% of the respondents to its threat hunting survey do their hunting on an ad hoc basis.

Threat hunters typically work within a security operations center (SOC) and take the lead role in an enterprise's threat detection and incident response activities. Threat hunting may be assigned as an additional duty to one or more security engineers within a SOC, or a SOC may dedicate security engineers to full-time threat hunting duties.

Additional options for creating a threat hunting team include rotating security engineers into the threat hunting role on a temporary basis and then having them return to their usual jobs within the SOC. Internally, threat hunters are often managed by an organization's CISO, who works with the CIO to coordinate enterprise security.

Quote of the Day
"A threat hunter needs to be able to put his or her mind to the task of uncovering vulnerabilities that are specific to the organization, and may or may not be highly sophisticated." - Johna Till Johnson

Learning Center
Threat hunting technology is on the rise, so are threats
More companies are adopting threat hunting tools and platforms, according to the Crowd Research Partners '2018 Threat Hunting Report.' Detecting emerging and advanced threats remains the top challenge for security operations centers.

'Threat hunting' emerges as new enterprise security role
The threat hunter, an emerging category of IT security pros, aims to detect incidents that technology overlooks, bolstering security operations centers.

Threat hunting defined: What you need to know about this emerging area
Threat hunting, an emerging program within enterprise IT security groups, seeks to augment and improve automated security systems.

Is threat hunting the next step for modern SOCs?
The best threat hunters use threat intelligence, custom tools or threat hunting products to identify APTs and automate searches on an ongoing basis.

Report: Threat hunting is more SOC than intel
Early threat hunting is primarily SOC-driven. Despite the immaturity of some programs, 60% of those surveyed cited measurable security improvements.

Writing for Business
Most major security breaches ____________ human error.
a. can be attributed to
b. are due to

Answer

Stay in Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

About This E-Newsletter
This e-newsletter is published by the TechTarget network.

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.