Improving Cognitive Support for Security Threat Hunters
Date
2023-03-18
Authors
Dunn, Marcus
Abstract
Threat hunting is a relatively new security analyst position. These security experts monitor massive networks to proactively find threats before systems become compromised. Because the role is new, many facets of threat hunting are not well understood; the tooling built for threat hunters was rapidly developed without sufficient knowledge of the issues they face. Our research examines how threat hunters fit within their organization, which stakeholders they collaborate with and how, the tools they use, and the challenges they face. This is achieved through a qualitative observational study with the goal of developing cognitive support tools for threat hunters. We find that threat hunters use a plethora of poorly integrated tools, the choice of which is often determined by the environment they work in. Additionally, the mode of employment, whether as an employee, contractor, or consultant, significantly impacts the tasks, tools, and workflows used by the threat hunter.
Keywords
Human-Computer Interaction, Tooling, Threat Hunter, Security