
              Counter Threat Unit™ (CTU) Research Team

              Applying Elite Threat Intelligence to Enhance Security Operations

              At SecureWorks, we’ve been providing intelligence-driven security solutions from the beginning. Threat intelligence is the fuel that powers the engine of our security operations and greatly enhances the effectiveness of the security solutions we provide.

              With more than 65 of the world’s most highly regarded security researchers, SecureWorks’ distinguished Counter Threat Unit™ research team (CTU) is what sets us apart. Our researchers analyse threat data across our global client base and actively monitor the cyber threat landscape to provide a global view of emerging threats, zero-day vulnerabilities, and the evolving tactics, techniques, and procedures (TTPs) of advanced threat actors.

              The CTU™ research team's primary objective is to protect your information and operations from today’s most advanced security threats by applying its research and threat intelligence to all aspects of our security solutions.

              With relentless dedication to keeping you ahead of newly identified threats, our CTU research team is:

              • Highly regarded within the security industry
              • Often first to market with the identification of new and emerging threats
              • Regularly called upon for our expertise by government agencies, law enforcement, and private industry

              In addition, our researchers share pertinent information with the public at large.

              For security leaders and professionals, threat intelligence is actionable information that gives you early warning of cyber threats. Intelligence seeks to collect relevant information wherever it can be found, analysing and synthesising it into meaningful knowledge on which you can act. In today’s cyber threat landscape, intelligence can alert you to new and emerging global threats that may affect your operations. Intelligence can also help you identify actors who may be targeting your organisation, for example through Advanced Persistent Threats, providing the insights to help you prepare or take action.

              Creating threat intelligence that is meaningful and actionable requires specialised expertise, knowledge, and tools that go well beyond simple alerts and content searches. Experts must know where to look for information that may be tucked away in the dimmer areas of the Internet and hacker communities, and how to construct an overall picture from a thousand disparate puzzle pieces of data.

              SecureWorks researchers and security consultants are highly versed in the practices and nuances of intelligence formulation. With diverse backgrounds encompassing private security, military and intelligence experience, combined with an understanding of how your business works, our security experts can deliver the visibility into threats, and the actors behind them, that you need to protect your organisation.

              Cyber Security Index

              The CTU Cyber Security Index (CSI) is a threat-based, colour-coded system provided to notify clients about threats that might require protective measures. The CSI is evaluated daily by CTU researchers and updated when necessary. SecureWorks clients have access to the CSI and receive notifications of changes in the threat landscape via our CTP Portal.
              Cyber Security Index Levels

              CTU Capabilities

              Countermeasure Development

              CTU™ researchers spend considerable time and resources conducting vulnerability analysis, malware analysis and threat research to develop countermeasures to protect our iSensor clients. The CTU research team performs extensive testing of new countermeasures prior to distribution into client environments. In addition, the CTU researchers actively manage the lifecycle of countermeasures to ensure their continued effectiveness.

              Knowledge Sharing

              The CTU™ research team shares its research and intelligence with the broader SecureWorks organisation, in order to enable our Security and Risk Consulting practice and CTOC analyst teams to better understand and effectively address the threats our clients face. This knowledge sharing goes two ways, giving CTU researchers further perspective on what our security consultants and Counter Threat Operations personnel are seeing in client environments.

              CTU Advisories and Support

              The CTU™ research team provides specialised support to clients as a premium offering. This allows our clients to engage directly with the CTU research team for custom research. In addition, CTU personnel are called in to offer guidance and assistance during complex Incident Response engagements when the circumstances and complexity of the incident dictate their involvement. Alongside security advisories sent exclusively to our clients, the CTU researchers will occasionally issue public security advisories. These include advisories on vulnerabilities and threats uncovered by CTU research.

              Liaison to Law Enforcement, Military and Intelligence Communities

              The CTU™ research team maintains close ties to various public and private organisations involved in information security, including the Forum of Incident Response and Security Teams (FIRST), the National Cyber-Forensics & Training Alliance (NCFTA), the Microsoft Active Protections Program (MAPP), the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the National Health Information Sharing & Analysis Center (NH-ISAC), among others. Our CTU researchers share diverse backgrounds incorporating prior experience working with and for many of these organisations. These deep relationships provide further valuable information and insights into the threats our clients face, and help the CTU researchers and SecureWorks be more effective in our mission to protect our clients.

              Malware Analysis

              The CTU™ malware analysis team reverse engineers malware to keep abreast of current threats and to assist our clients in their incident response process. The CTU malware analysis team identifies the capabilities, methods and targets of malware. It also assists in creating countermeasures and in identifying command and control servers and protocols, exfiltrated data, and the relationships between various samples and attack campaigns.

              Security Innovation

              The CTU™ research team is charged with innovation and development of new capabilities in support of its mission to protect clients. SecureWorks invests heavily in new technology development and CTU research personnel are instrumental in leading new technology initiatives to enhance the effectiveness of SecureWorks’ security operations. These initiatives address emerging security concerns around Advanced Persistent Threats, Mobile Security, Cloud Security, Big Data and other emerging technologies.

              Threat Intelligence

              The CTU™ research team monitors for developing trends and emerging threats that may affect clients and provides a number of resources and feeds, including a vulnerability feed, timely CTU TIPS alerts, a Microsoft Update Summary, a Microsoft Update Analysis, an Attacker Database of network threat indicators, a Cyber Security Index, and in-depth analysis of malware and threats. Clients can use the Global Threat Intelligence service to heighten the security capabilities and posture of their organisations. The CTU research team prides itself on delivering actionable assessments of the true threats organisations face and practical guidance to overcome them.

              Vulnerability Analysis and Management

              The CTU™ actively monitors for new vulnerabilities across vendors, assesses their significance, and communicates this information to our clients. The CTU research team is focused on delivering information to clients that is concise and actionable so they can quickly and effectively address the risk posed by these vulnerabilities. This includes in-depth analysis of both Microsoft’s monthly and out-of-cycle security bulletins.

              Specialised Threat Research

              As part of its research and threat intelligence capabilities, select CTU™ researchers perform deep analysis and reporting on specialised topics of concern. From time to time, the CTU research team will publish these specialised research reports to further educate and alert the broader security community and industry.

              CTU Leadership

              Barry Hensley

              Vice President, Counter Threat Unit (CTU) and Cyber Threat Analysis Center (CTAC)

              Col. (Retired) Barry Hensley is the Vice President of SecureWorks' Counter Threat Unit™ (CTU) and Cyber Threat Analysis Center (CTAC). The CTU™ is an expert group of security researchers who identify and analyze emerging threats while developing countermeasures to protect our customers. CTAC is a team of leading security analysts embedded in our Security Operations Centers (SOCs) worldwide. The CTU and CTAC partnership enables the team to quickly apply our threat intelligence to day-to-day client consultations. Mr. Hensley is also the former Director of the Army's Global Network Operations and Security Center (AGNOSC). Mr. Hensley served in various leadership positions at all levels within the communications and information security career field throughout his 24-year Army career. He holds a BBA in Information Systems from Georgia Southern University and an M.S. in Telecommunications from the University of Colorado, and is a graduate of the National War College.

              Ben Feinstein

              Director - CTU Operations

              Ben Feinstein is the Director of CTU™ Operations and Development. He first became professionally involved in information security in 2000, working on a DARPA/US Air Force contract while earning his Bachelor of Science degree in computer science at Harvey Mudd College.

              Feinstein is the author of RFC 4765 and RFC 4767, and possesses more than a decade of experience designing, implementing and operationalizing security-related information systems. Feinstein has presented his research at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S. Department of Defense Cyber Crime Conference, and many other events.

              Don Smith

              CTU Cyber Intel Cell and EMEA Lead

              Don Smith leads the CTU™ Cyber Intelligence Cell: a team of experienced threat analysts who, through the application of established intelligence practices, deliver actionable and timely intelligence products on the threats most relevant to SecureWorks clients. Don also leads the CTU research team in EMEA.

              Don joined SecureWorks in 2005 and, since then, has been instrumental in establishing a CTU presence in EMEA and building important relationships for SecureWorks in the region. His enthusiasm and threat expertise mean that he regularly represents SecureWorks at industry events in EMEA. Don has 24 years’ experience in the IT industry and was previously responsible for security architecture and operations for a multi-billion enterprise, where he took a lead role in successfully integrating 14 acquisitions. He is a recognized subject-matter expert in many areas of cybersecurity and advises SecureWorks and SecureWorks’ clients globally.

              Joe Stewart

              CTU Senior Security Researcher

              Joe Stewart is a well-known security researcher and is recognized as a leading malware analyst. He was the first to discover that SoBig was sending spam, the first to detect and document that the Myfip Trojan was stealing intellectual property, discovered and unraveled the Clampi Trojan, highlighted the clues in the Aurora code leading back to China, uncovered the inner workings of the Storm Worm, developed the Conficker Eye Chart, and has many other achievements.

              Stewart is currently focused on Advanced Persistent Threat (APT) research, where he is tracking malware families and tracing them back to their sources.

              Public Keys & Certificates

              Use the root CA certificate to verify the digital signature on email from SecureWorks Support, or to establish browser trust for certificates issued by the CA.

              Current SecureWorks CTU PGP Public Key:


              Expired SecureWorks CTU PGP Public Key: