The intuition, skills, experience and knowledge of a security researcher are key to the success of a targeted threat hunting engagement.
Meet SecureWorks’ Director of the Counter Threat Unit Special Operations team, Justin Turner. Justin leads a collection of the industry’s best security researchers hunting for threat actors in customer networks. His team coaches customers on the necessary steps to gain maximum visibility of their network. Justin has over 15 years of experience working in the IT security industry as a researcher and leader in both the United States Department of Defense and commercial space.
Typical day for me is usually, well, maybe 3 key things. It’s either talking to a client who is having an incredibly bad day because they just got notification from somebody that they’ve had an intrusion. Talking to another client, maybe, who has a new board and wants some kind of reassurance of what is going on, or maybe we have active work going on with that client and they just want to talk about how things are going. And the third thing is obviously interaction with my team.
My team is a collection of the industry’s very best and I have the fortune to lead them through, uh, hunting for bad guys in clients’ networks.
We are grief counselors first. So oftentimes that client, depending on how prepared or their capabilities, if any, that they have in house, kind of depending on what levels those are at, really determines their ability to respond to this accordingly. And so, in a case where that client maybe doesn’t have all the tools that they need, um, they tend to be more panicked and the team for sure spends more time trying to kind of coach them through the steps they need to take in order to gain maximum visibility and to understand how to deal with this problem.
There is a conception that technology alone will solve their problem. That I can go find some magic endpoint solution or I can find some appliance to plug into my network and that alone will solve all the problems. That’s never the case. Um, those appliances and that technology are great, and you have to keep in mind, if we put that in context of an attack, of an intruder into the network, they only have to get one thing right to break in and to get into a network. And so evasion of those other controls is – I won’t say it’s easy, it can be challenging in some cases. But a determined adversary will get it done. And so the human being is critical, um, to make a threat hunting exercise, um, you know, successful.
The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™
Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.