Improving Cognitive Support for Security Threat Hunters

Dunn, Marcus

Threat hunting is a relatively new security analyst position. These security experts monitor massive networks to proactively find threats before systems become compromised. Because the role is new, many facets of threat hunting are not well understood; the tooling built for threat hunters was rapidly developed without sufficient knowledge of the issues they face. Our research looks to find how threat hunters fit within their organization, which stakeholders they collaborate with and how, the tools they use, and the challenges they face. This is achieved through a qualitative observational study with the goal of developing cognitive support tools for threat hunters. We find that threat hunters use a plethora of poorly integrated tools, the choice of which is often determined by the environment they work in. Additionally, the mode of employment, whether as an employee, contractor, or consultant, significantly impacts the tasks, tools, and workflows utilized by the threat hunter.

Human Computer Interaction, Tooling, Threat Hunter, Security