Threat Intelligence
Time is of the essence when protecting your organization's critical information assets against cyberthreats. However, finding the security intelligence that matters most to your organization consumes precious time and adds strain to in-house resources already stretched too thin. At times, days or even months can pass before vulnerabilities in your environment are patched, increasing business risk and expanding the window of exposure.
Leveraging Dell SecureWorks' global threat visibility across thousands of customer networks, proprietary toolsets and unmatched expertise, the Dell SecureWorks Counter Threat Unit (CTU) security research team performs in-depth analysis of emerging threats and zero-day vulnerabilities.
Powered by CTU research, the Dell SecureWorks Threat Intelligence service delivers early warnings and actionable security intelligence tailored specifically to your environment, enabling you to quickly protect against threats and vulnerabilities before they impact your organization. The Threat Intelligence service enables you to reduce risk considerably by closing the window of exposure more quickly, and to devote more time to quickly remediating the risks most pertinent to your organization.
Threat Intelligence services provide:
- Proactive, actionable intelligence tailored to your environment
- Clear, concise threat & vulnerability analyses
- Detailed remediation information & recommendations
- Consultation with our threat experts
- On-demand access to extensive threat & vulnerability databases
- Malware analysis upon request
- XML intelligence feeds
- Integration with other Dell SecureWorks services for correlation and unified reporting
Threat Intelligence deliverables include:
Threat Feed
The Threat Feed provides Threat Intelligence customers with in-depth analyses of emerging threats. CTU security researchers publish exhaustive decompositions of Trojans, worms, rootkits and other forms of malware in a detailed threat report that investigates the core functions and operations of malicious code. The reports also provide recommendations for identifying and protecting assets from the threat being evaluated. These reports are published to the Dell SecureWorks Portal, where they are mapped to the profile of your environment and cross-referenced with pertinent vulnerabilities.
Vulnerability Feed
The Vulnerability Feed provides Threat Intelligence customers with detailed descriptions and recommendations to address current vulnerabilities. Our CTU experts gather and process vulnerability data from a number of public feeds, enriching the data with expert analysis and entering it into our vulnerability database. Within the Dell SecureWorks Customer Portal, vulnerabilities are mapped to your organization's assets and applications and you can easily query and report on vulnerability data relevant to your organization.
Advisory Feed
The Advisory Feed provides Threat Intelligence customers with strategic security reports that focus on significant events and trends across the current threat landscape. By leveraging security activity across our extensive customer base, our CTU security experts regularly publish Advisory Reports which include analysis of aggregate attack data as well as industry-specific threat analysis. Advisory Reports are provided via the Dell SecureWorks Portal and are cross-referenced with associated threat and vulnerability entries to provide actionable recommendations for protecting your critical assets. This allows customers to easily drill down to access additional information relevant to the Advisory.
Microsoft Update Analyses
Published within 24 hours of regular and out-of-cycle Microsoft patch releases, the Microsoft Update Analysis report provides a thorough examination of the patch content and the vulnerabilities addressed. The criticality of each vulnerability is reviewed by researchers with expertise in emerging threats and attack techniques. The report provides an assessment of the circumstances that must be present for successful exploitation and anticipated exploit activity is discussed. The CTU team uses this additional context to provide expert recommendations on which patches should be the highest priority for your organization.
Emerging Threat Bulletins (CTU Tips)
Emerging Threat Bulletins provide customers with real-time visibility into current research and analysis being conducted by the CTU. Whenever a new threat or trend is spotted, an Emerging Threat Bulletin is delivered to customers, containing information on the threat and recommendations for mitigation. These Emerging Threat Bulletins contain commentary designed to keep customers fully informed of new and potentially unknown security issues.
Weekly Intelligence Summary
The Weekly Intelligence Summary provides a high-level report summarizing the threats, vulnerabilities and advisories identified during the last seven days, and includes aggregate attack data from across our extensive customer base.
Live Threat Intelligence Briefings
Live Threat Intelligence Briefings are conducted on a monthly basis as a venue to discuss current threats, vulnerabilities, advisories and recently released patches. CTU researchers allow time for Q&A at the end of each session.
Additional services:
Attacker Database Feed
The Attacker Database Feed is one of the most extensive, proprietary repositories of attack source IP addresses and domain names commercially available. Dell SecureWorks correlates and analyzes attacks across tens of thousands of monitored security devices worldwide and processes billions of security events per day.
Custom Malware Analyses
Custom Malware Analyses, an additional option for Threat Intelligence customers, is extremely useful for learning about malware discovered in your environment, including determining malware attack vectors, payloads, methods of propagation and more. Upon receiving a sample of the malware in question, the CTU will analyze the malware using both proprietary and public toolsets. Within one business day, the CTU will provide a customized report detailing the composition of the malware.
CTU Support
CTU Support provides customers with direct access to expert CTU researchers for support regarding threats, vulnerabilities and advisories. When a request is submitted, a CTU researcher can be counted upon to respond within one business day. In addition, all Threat Intelligence customers receive unlimited 24x7x365 remote support from the GIAC GCIA certified Security Analysts in our Security Operations Centers.
