The CTU™ research team shares its research and intelligence with the broader Secureworks organization, in order to enable our Security and Risk Consulting practice and CTOC analyst teams to better understand and effectively address the threats our clients face. This knowledge sharing goes two ways, giving CTU researchers further perspective on what our security consultants and Counter Threat Operations personnel are seeing in client environments.

The CTU™ research team maintains close ties to various public and private organizations involved in information security, including organizations such as the Forum of Incident Response and Security Teams, or FIRST, the National Cyber-Forensics & Training Alliance, or NCFTA, the Microsoft Active Protections Program, or MAPP, the Financial Services Information Sharing and Analysis Center, or FS-ISAC, and the National Health Information Sharing & Analysis Center, or NH-ISAC, among others. Our CTU researchers share diverse backgrounds incorporating prior experience working with and for many of these organizations. These deep relationships provide further valuable information and insights into the threats our clients face, and help the CTU researchers and Secureworks be more effective in our mission to protect our clients.

The CTU™ malware analysis team reverse engineers malware to keep abreast of current threats and to assist our clients in their incident response process. CTU malware analysis team identifies the capabilities, methods and targets of malware. It also assists in creating countermeasures, identifying Command and Control servers and protocols, exfiltrated data, and the relationships between various samples and attack campaigns.

Some clients have concerns about targeted attacks and threat actors who may seek to damage the customers’ brand or reputation. Are they an impending target for hostile action such as a DDoS or defacement? Are there indicators that an attempted breach is possible or imminent? The Enterprise Brand Surveillance service provides intelligence on and analysis of changes in the threat landscape, with particular focus on any information that could pose risk to the client’s business, including planned attacks and exposed credentials or intellectual property. CTU researchers leverage proprietary open source collection capabilities and methodologies to report and alert on security threats to clients’ organisations.

Although Secureworks’ incident response practice addresses and eradicates cybersecurity incidents worldwide, clients are increasingly interested in discovering threat vectors and hostile actors before they become successful. The Targeted Threat Hunting team supplements incident responders by applying advanced persistent threat-focused research, calling upon a variety of forensic data and developing coordinated countermeasures for clients. Unlike traditional penetration testing, Threat Hunting does more than search for vulnerabilities in the network, but applies innovative solutions and targeted intelligence to discover actual indicators of compromise and implement solutions in advance of an incident.

The CTU™ research team monitors for developing trends and emerging threats that may affect clients and provides a number of resources and feeds including a vulnerability feed, timely CTU TIPS alerts, a Microsoft Update Summary, a Microsoft Update Analysis, an Attacker Database of network threat indicators, a Cyber Security Index, and in-depth analysis of malware and threats . Clients can use the Global Threat Intelligence service to heighten the security capabilities and posture of their organizations. The CTU research team prides itself on delivering actionable guidance that assesses true threats organizations face and practical guidance to overcome them.

The CTU™ actively monitors for new vulnerabilities across vendors, assesses their significance, and communicates this information to our clients. The CTU research team is focused on delivering information to clients that is concise and actionable so they can quickly and effectively address the risk posed by these vulnerabilities. This includes in-depth analysis of both Microsoft’s monthly and out-of-cycle security bulletins.

Ben Feinstein leads the CTU™ Operations, Future Operations, Research Support and Vulnerability Analysis teams. The CTU Operations team provides direct escalation support to our front line security analysts and also develops our high fidelity endpoint and network based countermeasures. Ben first became professionally involved in information security in 2000, working on a DARPA/US Air Force contract while earning his Bachelor of Science in computer science from Harvey Mudd College.

Ben possesses more than 16 years of experience designing, implementing and operationalizing security-related information systems with a focus in the areas of network IDS/IPS, security operations, and digital forensics and incident response. He has presented his research at Black Hat USA, DEF CON, ToorCon, DeepSec, the U.S. Department of Defense Cyber Crime Conference, and many other events.

Don Smith leads the CTU™ Cyber Intelligence Cell, a team of experienced threat analysts who, through the application of established intelligence practices, deliver actionable and timely intelligence products on the threats most relevant to Secureworks clients. Don also leads the CTU research team in EMEA.

Don joined Secureworks in 2005 and, since then, has been instrumental in establishing a CTU presence in EMEA and building important relationships for Secureworks in the region. His enthusiasm and threat expertise means that he regularly represents Secureworks at industry events in EMEA. Don has 24 years’ experience in the IT industry and was previously responsible for security architecture and operations for a multi-billion enterprise, where he took a lead role in successfully integrating 14 acquisitions. He is a recognized subject-matter expert in many areas of cybersecurity and advises Secureworks and Secureworks’ clients globally.

Jeffrey leads the CTU’s expansive threat intelligence production function as well as the incident response consulting practice.  His threat intelligence responsibilities include targeted support for clients experiencing time-sensitive security concerns, as well as enterprise surveillance to determine the potential for compromise or other hostile action.  As the lead for incident responders, Jeffrey manages hundreds of concurrent response engagements worldwide with a focus on timeliness, service excellence and full threat eradication. 

Jeffrey previously served as both the Technical Manager and Incident Response Team Lead at Carnegie Mellon’s CERT® Coordination Center, working closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States. 

Justin leads a team of world class researchers focused on investigating and responding to the most sophisticated cyber threats our clients face. The CTU-SO team is on the bleeding edge of security innovation continuously developing tools, process, and capabilities that power our Advanced Endpoint Threat Detection and Targeted Threat Hunting services. 

Justin has over 15 years of experience working as a leader in telecommunications, networking and security industry. He holds a B.S. in Information Systems from Oregon State University and M.S. in Telecommunications from the University of Colorado. Justin is also a Reservist in the U.S. Army where he leads a team of soldiers focused on cyber operations.;