What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams - InformationWeek
News, 8/22/2016

What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams

If your organization doesn't run its own threat analysis center, it may be worth hiring a hunt team to watch your back. Here's what you need to know.


In response to sophisticated cyber-security threats that have emerged in the past few years, some organizations in industry and government have formed groups known as "hunt teams" to defend their networks.

The term comes from the US Department of Defense, according to eSentire, a cyber-security firm specializing in helping enterprises deal with advanced threats. It refers to "a group of operational network defenders skilled in the latest attack techniques, and how to defend against them," the company explained in a whitepaper on the subject.

To some extent the term is jargon. Though it has undeniable cinematic flair -- "hunt team" sounds far more dynamic than "IT experts reviewing incident logs" -- it doesn't represent a radical departure from cyber-security practices a decade ago, even if online attacks have become more complicated.

At the same time, it's more than a buzzword because there really are cyber-security researchers out there who fit the definition.

At the RSA Conference in 2015, Joshua Stevens, enterprise security architect for HP Security, gave a presentation on hunt team skill sets and on the ways analytics and visualization tools can be used to help identify cyber threats.

The qualifications cited in the presentation suggest hunt team members should have advanced intrusion detection and malware analysis skills, data science and programming skills, and a creative, analytical mindset.

A hunt team, then, is a group of people with those skills. Gartner uses the term managed detection and response (MDR) for the business model of buying that capability as a service, rather than for the people themselves.

The CTO of a midsize financial firm based in New York spoke with InformationWeek in a phone interview about how his company employs a hunt team. He asked that he and his firm, a customer of eSentire's, not be named.

His company, he said, has outsourced its hunt team to eSentire, while also working with another unspecified security vendor.

"The idea is we're not qualified to do that," he said. "They employ a network operations center with analysts working around the clock."


Finding qualified people can be a challenge, given the shortage of skilled cyber-security professionals. "My peers generally agree it would be very difficult to have this kind of expertise in house," the CTO said. "Even if you could bring the skills in-house, it's probably not a good idea, because it's such a dynamic field."

An in-house hunt team sees only the incidents that hit its own network, so it has to work harder to learn from attacks elsewhere. A vendor that handles many clients can apply what it learns from an attack on one customer to protecting all the others.

While nothing goes wrong 99% of the time at this CTO's company, even with thousands of touches on its network daily, the round-the-clock vigilance of a hunt team has still proven valuable. The CTO said his company draws on eSentire's monitoring every minute of every day.

He recounted an ad injection attack that got past the company's scanners and infected a computer. The compromised machine then tried to reach out to download additional malware, and eSentire caught that outbound attempt.

"It was the fact eSentire was analyzing our data in real-time that prevented anything bad from happening," the CTO said. "Plenty of companies purport to be intrusion detection, but few have real-time human intervention."
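The kind of check a hunt team runs over proxy telemetry to catch a call-out like the one described above, as an added example that is not part of the original article and is not eSentire's method: it flags any client that pulls executable content from a domain no client contacted during a baseline period. The log format, the client names (ws-0077 and so on), the domains and every log line below are constructed for the example.

```python
"""Hunt for a compromised host fetching a second-stage payload.

Constructed example: the log lines below are made up to resemble a forward
proxy log (timestamp, client, domain, method, status, content type, bytes).
The hunt flags any client that downloads executable content from a domain
that no client touched during the baseline period.
"""
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Content types that typically carry Windows executables or raw binaries.
EXECUTABLE_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/octet-stream",
    "application/vnd.microsoft.portable-executable",
}

# Constructed baseline: a week of normal browsing, abbreviated to five lines.
# Note the legitimate software update served as application/octet-stream.
BASELINE_LOG = """\
2016-08-15T09:01:12Z ws-0142 www.example-bank.com GET 200 text/html 48213
2016-08-15T09:01:13Z ws-0142 cdn.example-bank.com GET 200 application/javascript 120331
2016-08-15T09:02:40Z ws-0077 news.example.org GET 200 text/html 77120
2016-08-15T09:03:02Z ws-0077 ads.example-adnet.net GET 200 application/javascript 9131
2016-08-15T10:15:55Z ws-0142 update.example-vendor.com GET 200 application/octet-stream 3201155
"""

# Constructed live traffic: ws-0077 renders an injected ad, then something on
# it fetches a binary from a domain nobody on the network has contacted before.
LIVE_LOG = """\
2016-08-22T08:04:01Z ws-0077 news.example.org GET 200 text/html 77342
2016-08-22T08:04:02Z ws-0077 ads.example-adnet.net GET 200 application/javascript 9140
2016-08-22T08:04:03Z ws-0077 static.evil-cdn.example GET 200 application/javascript 4410
2016-08-22T08:04:09Z ws-0077 static.evil-cdn.example GET 200 application/x-msdownload 212992
2016-08-22T08:05:11Z ws-0142 update.example-vendor.com GET 200 application/octet-stream 3201155
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one whitespace-delimited proxy log line into typed fields.

    Returns None for a line that does not have exactly seven fields or whose
    timestamp, status or byte count does not parse, so a malformed line is
    skipped rather than crashing the hunt.
    """
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, domain, method, status, ctype, nbytes = parts
    try:
        return {
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "client": client,
            "domain": domain.lower(),
            "method": method,
            "status": int(status),
            "content_type": ctype.lower(),
            "bytes": int(nbytes),
        }
    except ValueError:
        return None


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse every well-formed line of a log blob, dropping the malformed ones."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def known_domains(entries: List[Dict[str, object]]) -> Set[str]:
    """The set of destination domains seen anywhere in the baseline."""
    return {str(e["domain"]) for e in entries}


def hunt_new_binary_fetches(baseline_text: str, live_text: str) -> List[Dict[str, object]]:
    """Return live entries where a client fetched executable content from a
    domain that is absent from the baseline. Only successful (200) responses
    count: a blocked or failed fetch did not deliver a payload.
    """
    known = known_domains(parse_log(baseline_text))
    hits = []
    for e in parse_log(live_text):
        if e["status"] != 200:
            continue
        if e["content_type"] in EXECUTABLE_TYPES and e["domain"] not in known:
            hits.append(e)
    return hits


def format_alert(e: Dict[str, object]) -> str:
    """One-line alert for an analyst queue."""
    return (f"{e['ts'].isoformat()} {e['client']} fetched {e['bytes']} bytes of "
            f"{e['content_type']} from never-before-seen domain {e['domain']}")


if __name__ == "__main__":
    for hit in hunt_new_binary_fetches(BASELINE_LOG, LIVE_LOG):
        print(format_alert(hit))
```

Run as-is, the hunt produces exactly one alert, for ws-0077's fetch from static.evil-cdn.example; the octet-stream download from update.example-vendor.com is not flagged because that domain is in the baseline. The earlier JavaScript fetch from the same new domain is deliberately not alerted on here, since a new domain serving a script is routine browsing; an analyst would usually surface it as a lower-severity lead alongside the binary fetch rather than as its own alert.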

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comments
Joe Stanganelli, 8/23/2016 | 10:47:46 AM
Bah!
There is no tech talent shortage. Period.

It's only a challenge when you're not willing to pay people what they're worth.

Want to bring the cost down (over the course of the next several decades)?  Invest heavily in coding, cybersecurity, and other tech education at the secondary-school level.

But then, if it becomes a job almost everyone can do, then you risk driving the cost so low that people with real, unique talent will be moved to work elsewhere.
