Improving Cognitive and Collaborative Support for Security Threat Hunters

Threat hunters play a critical role in ensuring the security of Canadian corporate and government agency systems. They monitor how data, systems, and networks are accessed so that they are aware of possible threats before systems or data sources are compromised. Working in teams, threat hunters generate hypotheses and proactively analyze massive amounts of system and network data to detect and isolate impending threats. Current tools are developed without a good understanding of the cognitive and collaborative needs of threat hunters. Through this collaborative project, we will develop an understanding of the different types of threat hunter personas, the tasks they perform, and the challenges they face. Using these insights, we will design, develop and evaluate novel tools that help threat hunters visualize, analyze and share information on possible threats more effectively. These findings will directly help Micro Focus to improve the threat hunting tools they develop.

Faculty Supervisor:

Margaret-Anne Storey

Student:

Partner:

Micro Focus Software (Canada) ULC

Discipline:

Computer science

Sector:

Information and cultural industries; Professional, scientific and technical services

University:

University of Victoria

Program:

Accelerate
