The CTU™ research team shares its research and intelligence with the broader SecureWorks organization, in order to enable our Security and Risk Consulting practice and CTOC analyst teams to better understand and effectively address the threats our clients face. This knowledge sharing goes two ways, giving CTU researchers further perspective on what our security consultants and Counter Threat Operations personnel are seeing in client environments.

The CTU™ research team maintains close ties to various public and private organizations involved in information security, including organizations such as the Forum of Incident Response and Security Teams, or FIRST, the National Cyber-Forensics & Training Alliance, or NCFTA, the Microsoft Active Protections Program, or MAPP, the Financial Services Information Sharing and Analysis Center, or FS-ISAC, and the National Health Information Sharing & Analysis Center, or NH-ISAC, among others. Our CTU researchers share diverse backgrounds incorporating prior experience working with and for many of these organizations. These deep relationships provide further valuable information and insights into the threats our clients face, and help the CTU researchers and SecureWorks be more effective in our mission to protect our clients.

The CTU™ malware analysis team reverse engineers malware to keep abreast of current threats and to assist our clients in their incident response process. CTU malware analysis team identifies the capabilities, methods and targets of malware. It also assists in creating countermeasures, identifying Command and Control servers and protocols, exfiltrated data, and the relationships between various samples and attack campaigns.

The CTU™ research team is charged with innovation and development of new capabilities in support of its mission to protect clients. SecureWorks invests heavily in new technology development and CTU research personnel are instrumental in leading new technology initiatives to enhance the effectiveness of SecureWorks’ security operations. These initiatives address emerging security concerns around Advanced Persistent Threats, Mobile Security, Cloud Security, Big Data and other emerging technologies.

As part of its research and threat intelligence capabilities, select CTU™ researchers perform deep analysis and reporting on specialized topics of concern. From time to time, the CTU research team will publish these specialized research reports to further educate and alert the broader security community and industry.

The CTU™ research team monitors for developing trends and emerging threats that may affect clients and provides a number of resources and feeds including a vulnerability feed, timely CTU TIPS alerts, a Microsoft Update Summary, a Microsoft Update Analysis, an Attacker Database of network threat indicators, a Cyber Security Index, and in-depth analysis of malware and threats . Clients can use the Global Threat Intelligence service to heighten the security capabilities and posture of their organizations. The CTU research team prides itself on delivering actionable guidance that assesses true threats organizations face and practical guidance to overcome them.

The CTU™ actively monitors for new vulnerabilities across vendors, assesses their significance, and communicates this information to our clients. The CTU research team is focused on delivering information to clients that is concise and actionable so they can quickly and effectively address the risk posed by these vulnerabilities. This includes in-depth analysis of both Microsoft’s monthly and out-of-cycle security bulletins.

Col. (Retired) Barry Hensley is the Vice President of SecureWorks' Counter Threat Unit™ (CTU) and Cyber Threat Analysis Center (CTAC). The CTU™ is an expert group of security researchers who identify and analyze emerging threats while developing countermeasures to protect our customers. CTAC are leading security analysts embedded in our Security Operations Centers (SOC) worldwide. The CTU and CTAC partnership enables the team to quickly apply our threat intelligence to the day-to-day client consultations. Mr. Hensley is also the former Director of the Army's Global Network Operations and Security Center (AGNOSC).  Mr. Hensley served in various leadership positions at all levels within the communications and information security career field throughout his 24-year Army career. He holds a BBA in Information Systems from Georgia Southern University, an M.S. in Telecommunications from the University of Colorado and is a graduate of the National War College.

Ben Feinstein is the Director of CTU™ Operations and Development. He first became professionally involved in information security in 2000, working on a DARPA/US Air Force contract while earning his Bachelor of Science in computer science degree at Harvey Mudd College. 

Feinstein is author of RFC 4765 and RFC 4767, and possesses more than a decade of experience designing, implementing and operationalizing security-related information systems. Feinstein has presented his research at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S.Department of Defense Cyber Crime Conference, and many other events. 

Don Smith leads the CTU™ Cyber Intelligence Cell: a team of experienced threat analysts who, through the application of established intelligence practices, deliver actionable and timely intelligence products on the threats most relevant to SecureWorks clients. Don also leads the CTU research team in EMEA.

Don joined SecureWorks in 2005 and, since then, has been instrumental in establishing a CTU presence in EMEA and building important relationships for SecureWorks in the region. His enthusiasm and threat expertise means that he regularly represents SecureWorks at industry events in EMEA. Don has 24 years’ experience in the IT industry and was previously responsible for security architecture and operations for a multi-billion enterprise, where he took a lead role in successfully integrating 14 acquisitions. He is a recognized subject-matter expert many areas of cybersecurity and advises SecureWorks and SecureWorks’ clients globally.

Joe Stewart is a well-known security researcher and recognized as a leading malware analyst. He was the first to discover that SoBig was sending spam, the first to detect and document that the Myfip Trojan was stealing intellectual property, discovered and unraveled the Clampi Trojan, highlighted the clues in the Aurora code leading back to China, uncovered the interworkings of the Storm Worm, developed the Conficker Eye Chart, and other achievements. 

Stewart is currently focused on Advanced Persistent Threat (APT) research, where he is tracking malware families and tracing them back to their sources.