What IT Pros Need To Know About Hiring Cyber Security Hunt Teams



If your organization doesn't run its own threat analysis center, it may be worth hiring a hunt team to watch your back. Here's what you need to know.

In response to the sophisticated cybersecurity threats that have emerged in the past few years, some organizations in industry and government have formed groups known as "hunt teams" to defend their networks.

The term comes from the U.S. Department of Defense, according to eSentire, a cybersecurity firm specializing in helping enterprises deal with advanced threats. It refers to "a group of operational network defenders skilled in the latest attack techniques, and how to defend against them," the company explained in a white paper on the subject.

To some extent the term is jargon. Though it has undeniable cinematic flair – "hunt team" sounds far more dynamic than "IT experts reviewing incident logs" – it doesn't represent a radical departure from cybersecurity practices a decade ago, even if online attacks have become more complicated.

At the same time, it's more than a buzzword, because there really are cybersecurity researchers who fit the definition.

At the RSA Conference in 2015, Joshua Stevens, enterprise security architect for HP Security, gave a presentation on hunt team skillsets and on the ways analytics and visualization tools can be used to help identify cyber threats. The qualifications cited in the presentation suggest hunt team members should have advanced intrusion detection and malware analysis skills, data science and programming skills, and a creative, analytical mindset.

A hunt team, then, is a group of cyber security experts. Gartner employs the term Managed Detection and Response to describe the business model rather than the group of people.


The CTO of a mid-sized financial firm based in New York spoke with InformationWeek in a phone interview about how his company employs a hunt team. He asked that he and his firm, a customer of eSentire's, not be named.

His company, he said, has outsourced its hunt team to eSentire, while also working with another unspecified security vendor.

"The idea is we're not qualified to do that," he said. "They employ a network operations center with analysts working around the clock."

Finding qualified people can be a challenge, given the shortage of skilled cybersecurity professionals. "My peers generally agree it would be very difficult to have this kind of expertise in house," the CTO said. "Even if you could bring the skills in house it's probably not a good idea because it's such a dynamic field."

If you try to assemble an in-house hunt team, your own personnel may have to work harder to learn from incidents that happen outside your organization. A vendor handling many clients, however, can apply what it learns from one client to protect its other customers.

While 99% of the time nothing goes wrong at this CTO's particular financial company – and that's with thousands of touches on its network daily – the round-the-clock vigilance of a hunt team has still proven valuable. The CTO said his company uses eSentire to its potential every minute of every day. He recounted the time when an ad injection attack got past the company scanners and infected a computer. The compromised machine tried to reach out for additional malware but eSentire caught it.

"It was the fact eSentire was analyzing our data in real-time that prevented anything bad from happening," the CTO said. "Plenty of companies purport to be intrusion detection, but few have real-time human intervention."
