
                Counter Threat Unit™ (CTU™) Research Team

                Applying Elite Threat Intelligence to Enhance Security Operations


                At SecureWorks, we’ve been providing intelligence-driven security solutions from the beginning. Threat intelligence is the fuel that powers the engine of our security operations and greatly enhances the effectiveness of the security solutions we provide.

                With more than 70 of the world's most highly regarded security researchers, SecureWorks' distinguished Counter Threat Unit™ research team (CTU) is what sets us apart. Our researchers analyse threat data across our global client base and actively monitor the cyber threat landscape to provide a globalised view of emerging threats, zero-day vulnerabilities, and the evolving tactics, techniques, and procedures (TTP) of advanced threat actors.

                The CTU™ research team's primary objective is to protect your information and operations from today’s most advanced security threats by applying its research and threat intelligence to all aspects of our security solutions.

                With relentless dedication to keeping you ahead of newly identified threats, our CTU research team is:

                • Highly regarded within the security industry
                • Often first to market with the identification of many new and emerging threats
                • Regularly called upon for our expertise by government agencies, law enforcement, and private industry

                In addition, our researchers share pertinent information with the public at large.

                For security leaders and professionals, threat intelligence is actionable information that gives you early warning of cyber threats. Intelligence seeks to collect relevant information wherever it can be found, analysing and synthesising it into meaningful knowledge on which you can act. In today’s cyber threat landscape, intelligence can alert you to new and emerging global threats that may affect your operations. Intelligence can also help you identify actors who may be targeting your organisation, such as advanced persistent threats, providing the insights to help you prepare or take action.

                Creating threat intelligence that is meaningful and actionable requires specialised expertise, knowledge, and tools that go well beyond simple alerts and content searches. Experts must know where to look for information that may be tucked away in the dimmer areas of the Internet and hacker communities, to construct an overall picture from a thousand disparate puzzle pieces of data.

                SecureWorks researchers and security consultants are highly versed in the practices and nuances of intelligence formulation. With diverse backgrounds encompassing private security, military and intelligence experience, combined with an understanding of how your business works, our security experts can deliver the visibility into threats, and the actors behind them, that you need to protect your organisation.

                Cyber Security Index

                The CTU Cyber Security Index (CSI) is a threat-based, colour-coded system provided to notify clients about threats that might require protective measures. The CSI is evaluated daily by CTU researchers and updated when necessary. SecureWorks clients have access to the CSI and receive notifications of changes in the threat landscape via our CTP Portal.
                Cyber Security Index Levels

                CTU Capabilities

                Countermeasure Development

                CTU™ researchers spend considerable time and resources conducting vulnerability analysis, malware analysis and threat research to develop countermeasures to protect our iSensor clients. The CTU research team performs extensive testing of new countermeasures prior to distribution into client environments. In addition, the CTU researchers actively manage the lifecycle of countermeasures to ensure their continued effectiveness.

                Knowledge Sharing

                The CTU™ research team shares its research and intelligence with the broader SecureWorks organisation, in order to enable our Security and Risk Consulting practice and CTOC analyst teams to better understand and effectively address the threats our clients face. This knowledge sharing goes two ways, giving CTU researchers further perspective on what our security consultants and Counter Threat Operations personnel are seeing in client environments.

                CTU Advisories and Support

                The CTU™ research team provides specialised support to clients as a premium offering. This allows our clients to engage directly with the CTU research team for custom research. In addition, CTU personnel are called in to offer guidance and assistance during complex Incident Response engagements when the circumstances and complexity of the incident dictate their involvement. In addition to security advisories sent exclusively to our clients, the CTU researchers will occasionally issue public security advisories. These include advisories on vulnerabilities and threats uncovered by CTU research.

                Liaison to Law Enforcement, Military and Intelligence Communities

                The CTU™ research team maintains close ties to various public and private organisations involved in information security, including the Forum of Incident Response and Security Teams (FIRST), the National Cyber-Forensics & Training Alliance (NCFTA), the Microsoft Active Protections Program (MAPP), the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the National Health Information Sharing & Analysis Center (NH-ISAC), among others. Our CTU researchers share diverse backgrounds incorporating prior experience working with and for many of these organisations. These deep relationships provide further valuable information and insights into the threats our clients face, and help the CTU researchers and SecureWorks be more effective in our mission to protect our clients.

                Malware Analysis

                The CTU™ malware analysis team reverse engineers malware to keep abreast of current threats and to assist our clients in their incident response process. The CTU malware analysis team identifies the capabilities, methods and targets of malware. It also assists in creating countermeasures and in identifying command and control servers and protocols, exfiltrated data, and the relationships between various samples and attack campaigns.

                Targeted Threat Hunting

                Although SecureWorks’ incident response practice addresses and eradicates cybersecurity incidents worldwide, clients are increasingly interested in discovering threat vectors and hostile actors before they become successful. The Targeted Threat Hunting team supplements incident responders by applying advanced persistent threat-focused research, calling upon a variety of forensic data and developing coordinated countermeasures for clients. Unlike traditional penetration testing, Threat Hunting does more than search for vulnerabilities in the network: it applies innovative solutions and targeted intelligence to discover actual indicators of compromise and implement solutions in advance of an incident.

                Threat Intelligence

                The CTU™ research team monitors for developing trends and emerging threats that may affect clients and provides a number of resources and feeds, including a vulnerability feed, timely CTU TIPS alerts, a Microsoft Update Summary, a Microsoft Update Analysis, an Attacker Database of network threat indicators, a Cyber Security Index, and in-depth analysis of malware and threats. Clients can use the Global Threat Intelligence service to heighten the security capabilities and posture of their organisations. The CTU research team prides itself on delivering actionable guidance that assesses the true threats organisations face and practical guidance to overcome them.

                Vulnerability Analysis and Management

                The CTU™ actively monitors for new vulnerabilities across vendors, assesses their significance, and communicates this information to our clients. The CTU research team is focused on delivering information to clients that is concise and actionable so they can quickly and effectively address the risk posed by these vulnerabilities. This includes in-depth analysis of both Microsoft’s monthly and out-of-cycle security bulletins.

                Enterprise Surveillance

                Some clients have concerns about targeted attacks and threat actors who may seek to damage the client’s brand or reputation. Are they an impending target for hostile action such as a DDoS or defacement? Are there indicators that an attempted breach is possible or imminent? The Enterprise Brand Surveillance service provides intelligence on and analysis of changes in the threat landscape, with particular focus on any information that could pose a risk to the client’s business, including planned attacks and exposed credentials or intellectual property. CTU researchers leverage proprietary open source collection capabilities and methodologies to report and alert on security threats to clients’ organisations.

                CTU Leadership

                Barry Hensley

                Chief Threat Intelligence Officer, SVP

                Col. (Retired) Barry Hensley leads SecureWorks' Counter Threat Unit™ (CTU) and Cyber Threat Analysis Center (CTAC). The CTU™ is an expert group of security researchers who identify and analyse emerging threats while developing countermeasures to protect our clients. CTAC consists of leading security analysts embedded in our Security Operations Centers (SOC) worldwide. The CTU and CTAC partnership enables the team to quickly apply our threat intelligence to day-to-day client consultations. Barry is also the former Director of the Army's Global Network Operations and Security Center (AGNOSC). Barry served in various leadership positions at all levels within the communications and information security career field throughout his 24-year Army career. Barry holds a BBA in Information Systems from Georgia Southern University and an M.S. in Telecommunications from the University of Colorado, and is a graduate of the National War College.


                Ben Feinstein

                Senior Director - CTU Operations and Research Support (CTU-OPS)

                Ben Feinstein leads the CTU™ Operations, Future Operations, Research Support and Vulnerability Analysis teams. The CTU Operations team provides direct escalation support to our front line security analysts and also develops our high fidelity endpoint and network based countermeasures. Ben first became professionally involved in information security in 2000, working on a DARPA/US Air Force contract while earning his Bachelor of Science in computer science from Harvey Mudd College.

                Ben possesses more than 16 years of experience designing, implementing and operationalising security-related information systems with a focus in the areas of network IDS/IPS, security operations, and digital forensics and incident response. He has presented his research at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S. Department of Defense Cyber Crime Conference, and many other events.

                Don Smith

                Senior Director - Cyber Intel Cell (CIC) and EMEA Lead (CTU-CIC)

                Don Smith leads the CTU™ Cyber Intelligence Cell, a team of experienced threat analysts who, through the application of established intelligence practices, deliver actionable and timely intelligence products on the threats most relevant to SecureWorks clients. Don also leads the CTU research team in EMEA.

                Don joined SecureWorks in 2005 and, since then, has been instrumental in establishing a CTU presence in EMEA and building important relationships for SecureWorks in the region. His enthusiasm and threat expertise mean that he regularly represents SecureWorks at industry events in EMEA. Don has 24 years’ experience in the IT industry and was previously responsible for security architecture and operations for a multi-billion enterprise, where he took a lead role in successfully integrating 14 acquisitions. He is a recognised subject-matter expert in many areas of cybersecurity and advises SecureWorks and SecureWorks’ clients globally.

                Justin Turner

                Director of CTU Special Operations (CTU-SO)

                Justin leads a team of world-class researchers focused on investigating and responding to the most sophisticated cyber threats our clients face. The CTU-SO team is on the bleeding edge of security innovation, continuously developing tools, processes, and capabilities that power our Advanced Endpoint Threat Detection and Targeted Threat Hunting services.

                Justin has over 15 years of experience working as a leader in the telecommunications, networking and security industries. He holds a B.S. in Information Systems from Oregon State University and an M.S. in Telecommunications from the University of Colorado. Justin is also a Reservist in the U.S. Army, where he leads a team of soldiers focused on cyber operations.

                Jeffrey Carpenter

                Senior Director of Threat Intelligence and Incident Response Consulting (CTU-TI)

                Jeffrey leads the CTU’s expansive threat intelligence production function as well as the incident response consulting practice. His threat intelligence responsibilities include targeted support for clients experiencing time-sensitive security concerns, as well as enterprise surveillance to determine the potential for compromise or other hostile action. As the lead for incident responders, Jeffrey manages hundreds of concurrent response engagements worldwide with a focus on timeliness, service excellence and full threat eradication.

                Jeffrey previously served as both the Technical Manager and Incident Response Team Lead at Carnegie Mellon’s CERT® Coordination Center, working closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States.

                Public Keys & Certificates

                Use the root CA certificate to verify the digital signature on email from SecureWorks Support, or to establish browser trust for certificates issued by the CA.

                Current SecureWorks CTU PGP Public Key:

                Download
                Expired SecureWorks CTU PGP Public Key:

                Download