Threat Hunter – The Tracker
What does it mean to be a Threat Hunter?
With newsworthy breaches occurring on a nearly weekly basis, organizations need to pursue precautionary strategies that minimize the possibility of a breach. Threat hunters combine research and analytical tools to iteratively comb through networks and datasets, tracking current and potential threats that may circumvent existing automated tools.
The number of adversaries in the cybersecurity landscape is rising each year, and no industry is safe. The Huffington Post outlines the recurring cybersecurity threats of the first half of 2017, ranging from ransomware in the healthcare industry to breaches of the networks of pop-culture, motion-picture entertainment organizations and the release of proprietary assets (i.e., Game of Thrones, Orange Is the New Black). Threat hunting takes advantage of all available data sources, internal and external, to build a comprehensive understanding of the threat landscape. Organizations are making cyber threat hunting a priority in their security strategy.
A Day in the Life
Unlike Threat Intel Analysts, Threat Hunters use advanced hunting strategies that go beyond traditional detection techniques. In contrast to Penetration Testers, who focus on using tools and tactics to penetrate an organization’s network, Threat Hunters keep a watchful eye on the network to determine which behaviors are innocuous and which are malicious. A Threat Hunter begins with a hypothesis and focuses on the questions he or she wants to answer. A successful threat hunt ends with answers to the original hypothesis and can include newly discovered Indicators of Compromise (IOCs) and the tactics, techniques and procedures (TTPs) associated with current or potential adversaries. Before beginning a new iteration of the threat hunting process, it is imperative that the findings are stored and documented so they can improve the existing automated detection mechanisms and analytics.
The mind of a Threat Hunter is not only creative; it’s instinctual. Threat Hunters do not wait for triggered alerts to begin searching for potential threats. They work proactively and spend the majority of their time searching for the unknown, guided by educated hunches and hypotheses. To successfully identify advanced threats, a threat hunter’s approach must be dynamic and resilient. Hunters must be able to pivot easily between datasets and patterns to properly identify and evaluate the extent of an adversary’s digital footprint.
Most Valued Skills
- Information Security
- Information Systems
- Network Security
Glassdoor lists available jobs in the $92k–$175k range, with an average salary of $119k (Glassdoor, 9/19). Although the salary is financially appealing, cybersecurity professionals don’t aspire to become Threat Hunters for the money. The real reward for Threat Hunters lies in the satisfaction of uncovering threats. Job titles for this role include:
- Threat Hunting Engineer
- Cyber Threat Analyst
- Security Engineer – Threat Detection
Doesn’t Sound Like You?
If the duties of threat hunting don’t appeal to your career interests, be sure to return for our next post in the Cybersecurity Roles blog series, or check out our previous posts here:
- Cybersecurity Architect
- Incident Responder
- Malware Analyst
- Penetration Tester
- Security Auditor
- SOC Analyst
- Threat Intel Analyst
- Vulnerability Management Analyst