Armor Threat Resistance Unit

The Armor Threat Resistance Unit (TRU) is an elite sector of our security operations center (SOC). TRU’s mission is to stay ahead of cybercriminals in the ever-changing landscape of cybercrime. The unit gathers knowledge about new and emerging threats and turns it into threat intelligence that strengthens the defenses we build to protect our customers’ IT environments. TRU is staffed by seasoned former members of top cybersecurity teams in the intelligence community, with more than 60 years of combined experience.


Armor’s Threat Resistance Unit Delivers Threat Intelligence to Protect Your IT Environment

Dynamic Threat Blocking

Armor’s dynamic threat blocking (DTB) is a cloud-based IP reputation management (IPRM) service. It maintains and continuously updates our proprietary blacklist, incorporates data from third-party feeds, and blocks malicious IP addresses from communicating with your network in either direction, inbound or outbound. It works at every layer of your IT environment: network, host, or application.
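To make the mechanism concrete, here is an added example (not Armor's code, and not a description of how DTB is implemented) of the core of an IP reputation blocker: it merges a proprietary blocklist with a third-party feed, tolerates malformed feed entries, and evaluates a handful of constructed connection records in both directions. The feed contents, the flow records and the `build_blocklist`/`evaluate_flows` function names are all assumptions made for illustration.

```python
"""Toy IP-reputation blocker (added example, not Armor's DTB implementation).

Merges a proprietary blocklist with a third-party feed, both CIDR-aware, then
decides for each connection record whether the remote peer is blocked. Inbound
flows are judged on their source address, outbound flows on their destination.
"""
import ipaddress

# Constructed sample feeds using documentation ranges (RFC 5737), not real IoCs.
PROPRIETARY_BLOCKLIST = """
# internal reputation list: one CIDR or single IP per line, '#' starts a comment
203.0.113.0/24   # scanning source observed by the SOC
198.51.100.7     # host flagged as malicious
"""

THIRD_PARTY_FEED = """
192.0.2.0/25
198.51.100.7     # duplicate of an internal entry; merging must not double-count
not-an-ip        # malformed line: the parser should skip it, not crash
"""


def parse_feed(text):
    """Return a set of ip_network objects parsed from a feed; bad lines are skipped."""
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False accepts host bits set in a CIDR, e.g. 10.0.0.5/24
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # A production service would log and alert on a malformed feed line.
            continue
    return nets


def build_blocklist(*feeds):
    """Union of every feed's networks; a single IP becomes a /32 (or /128)."""
    merged = set()
    for feed in feeds:
        merged |= parse_feed(feed)
    return frozenset(merged)


def remote_peer(flow):
    """The address whose reputation matters: src for inbound, dst for outbound."""
    return flow["dst"] if flow["direction"] == "outbound" else flow["src"]


def evaluate_flows(flows, blocklist):
    """Label each flow 'block' or 'allow' and record the matching network, if any."""
    results = []
    for flow in flows:
        peer = ipaddress.ip_address(remote_peer(flow))
        hit = next((str(net) for net in blocklist if peer in net), None)
        results.append({
            "direction": flow["direction"],
            "peer": str(peer),
            "action": "block" if hit else "allow",
            "matched": hit,
        })
    return results


# Constructed connection records (internal hosts in 10.0.0.0/8).
SAMPLE_FLOWS = [
    {"direction": "inbound", "src": "203.0.113.45", "dst": "10.0.0.5"},
    {"direction": "outbound", "src": "10.0.0.7", "dst": "198.51.100.7"},
    {"direction": "inbound", "src": "192.0.2.200", "dst": "10.0.0.5"},  # outside the /25
    {"direction": "outbound", "src": "10.0.0.9", "dst": "192.0.2.10"},
]

if __name__ == "__main__":
    active = build_blocklist(PROPRIETARY_BLOCKLIST, THIRD_PARTY_FEED)
    for verdict in evaluate_flows(SAMPLE_FLOWS, active):
        print(verdict)
```

The decision is deliberately symmetric: an outbound connection to a blocklisted address is treated as seriously as an inbound one, since that is the pattern a compromised host beaconing out would produce. The linear scan over networks is fine for a demonstration; a real service would use a prefix trie or a kernel-level filter for the same lookup.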

Exploit and Malware Analysis

TRU dissects malware and other cyberthreat payloads to figure out how they work and who they could affect. Then the SOC applies that knowledge to create rules-based countermeasures that will automatically detect future threats and protect our infrastructure and our customers’ IT environments.

Threat Hunting

We scour the internet for new and emerging cyberthreats and keep current on the latest tactics, techniques, and procedures (TTPs) cybercriminals use to carry out attacks. We break those TTPs down and apply that knowledge to reverse engineer threats and test our security controls. We build new defenses to counter these threats and make sure they are working to protect our infrastructure and that of our customers.

Threat Intelligence

Armor’s SOC, including TRU, gathers and consumes threat intelligence from multiple sources (e.g., the dark web, the deep web, pastebin sites, previous events and logs, black market sites, and hacker forums) and then takes appropriate action. Throughout this process, we not only scan for threats in general but also apply targeted monitoring to find and secure sensitive customer information that may have been obtained through a compromise or intellectual property theft.

SOC Force Multiplier

TRU augments existing cybersecurity teams so that threat hunting doesn’t become another SOC workload. TRU pores over your uploaded logs and searches for anomalies, signatures, and patterns, looking for the threats the AV community has not identified yet. When threats are detected, TRU works with the SOC to refine and implement new security controls and signatures. Acting as the SOC’s early warning system, we share threat intelligence, enabling the SOC to rapidly deploy security tools and other countermeasures while arming them with up-to-the-minute information on cybercriminals’ latest TTPs.

Meet the Threat Resistance Unit

Armor’s TRU experts have extensive experience in penetration testing (i.e., computer network exploitation operations) and red team operations. TRU not only works for Armor and our customers but also contributes its intelligence and findings to the larger security-as-a-service (SecaaS) community, fighting to make the internet and the cloud safe for business.

TRU in Action | Drupalgeddon 2

The Drupal vulnerability was discovered in March 2018, and TRU aided with a post-mortem analysis after a successful compromise. Senior Threat Intelligence Analyst Corey Milligan identified malicious files that were deployed at the time of compromise but had not yet been seen by the major anti-virus (AV) vendors. TRU worked closely with a third-party vendor to scan all the related files and write signatures for them. Once the signatures were deployed, other compromised hosts that the AV vendors had missed were discovered. We submitted more than 100 previously unidentified malicious files to aggregators such as VirusTotal.

Armor Security Operations Center in Action

Our elite SOC team tirelessly monitors and protects your critical data workloads and applications, whether they are in the cloud, on premises, or in a hybrid environment. When you partner with Armor, our cybersecurity experts act as an extension of your security program with 24/7/365 monitoring and protection.

Learn how the Armor SOC works to form a protective barrier against threat actors and the attempts they make to compromise your organization.