Dell SecureWorks has launched a new threat-hunting service designed to detect the presence of complex cyberattacks inside organisations, a sign that security forensics could be about to become more mainstream.
The firm already offers a range of security services from within its Counter Threat Unit (CTU), to which it has now added the Targeted Threat Hunting service it is pitching as a way of detecting targeted attacks.
Such detection services are currently available from a flourishing cottage industry of consultants, usually at eye-watering expense that prices in the complexity of correlating the tiny traces left by attackers.
Dell SecureWorks said the service was able to “comb” customers for signs of incursion thanks to expertise and intelligence gathered from the 50 billion events its data centres analyse each day.
“The most informative way to determine if a targeted threat is present in an environment is to collect and analyse data from network and endpoints in unison,” said Dell SecureWorks CTO, Jon Ramsey.
“We use instrumentation, advanced analytics and visualisation tools coupled with security threat intelligence and years of incident response experience from the Counter Threat Unit to locate the compromise, and contain and remediate the threat.”
The CTU was currently tracking 300 unique families of targeted malware, 2,500 domains used for hosting malware by criminals and 25,860 sub-domains, the company said.
The company tracked a range of advanced persistent threat (APT) patterns or indicators.
As to the complexity and expense of the service, the firm wouldn’t be drawn beyond saying that it used a combination of human analysis and proprietary tools and methodologies.
A factor here will be the level of automation on offer, which is undoubtedly increasing as security forensics improves.
Dell SecureWorks has already sold the service in the US, EMEA and APJ, the firm confirmed.