Armor Threat Resistance Unit

The Armor Threat Resistance Unit (TRU) is an elite sector of our security operations center (SOC). TRU’s mission is to stay ahead of cybercriminals on the ever-changing landscape of cybercrime. The unit gathers knowledge about new and emerging threats and turns it into threat intelligence that strengthens the defenses we build to protect our customers’ IT environments. TRU is staffed by seasoned former members of top cybersecurity teams in the intelligence community, with more than 60 years of combined experience.


Armor’s Threat Resistance Unit Delivers Threat Intelligence to Protect Your IT Environment

Dynamic Threat Blocking

Armor’s dynamic threat blocking (DTB) is a cloud-based IP reputation management service (IPRM) that maintains and continuously updates our proprietary blacklist and incorporates data from third-party feeds to block incoming and outgoing malicious IP addresses from communicating with your network. It works at every layer of your IT environment—network, host, or application.

Exploit and Malware Analysis

TRU dissects malware and other cyberthreat payloads to figure out how they work and who they could affect. Then the SOC applies that knowledge to create rules-based countermeasures that will automatically detect future threats and protect our infrastructure and our customers’ IT environments.

Threat Hunting

We scour the internet for new and emerging cyberthreats and gain knowledge of the latest tactics, techniques, and procedures (TTPs) cybercriminals are using to carry out malicious activity. We break those down and apply that knowledge to reverse engineer threats and test our security controls. We build new defenses to counteract these threats and make sure they are working to protect our infrastructure and that of our customers.

Threat Intelligence

Armor’s SOC, including TRU, gathers and consumes threat intelligence from multiple sources (e.g., dark web, deep web, pastebin sites, previous events and logs, black market sites, and hacker forums) and then takes appropriate action. Throughout this process, we not only scan for threats in general but also apply targeted monitoring to find and secure sensitive customer information that may have been obtained through a compromise or intellectual property theft.

SOC Force Multiplier

TRU augments existing cybersecurity teams so that threat hunting doesn’t become another SOC workload. TRU pores over your uploaded logs and searches for anomalies, signatures, and patterns, looking for the threats the AV community has not identified yet. When threats are detected, TRU works with the SOC to refine and implement new security controls and signatures. Acting as the SOC’s early warning system, we share threat intelligence, enabling the SOC to rapidly deploy security tools and other countermeasures, while arming them with up-to-the-minute information on cybercriminals’ latest TTPs.

Meet the Threat Resistance Unit

Armor’s TRU experts have extensive experience in penetration testing (i.e., computer network exploitation operations) and red team operations. TRU not only works for Armor and our customers but also contributes its intelligence and findings to the larger SecaaS community, fighting to make the internet and the cloud safe for business.

Troy Dearing is the Head of the Threat Resistance Unit and oversees all cyber threat intelligence & threat hunting initiatives. He initially joined Armor’s TRU as a Senior Ethical Hacker leveraging 22 years of expertise in IT and cyber security.

Chris Hinkley, Lead Ethical Hacker

As senior security architect of FireHost, Chris Hinkley utilizes a decade of security expertise to design, test and deploy next generation security processes and techniques for the cloud. His work at Armor was instrumental in Armor being one of the first cloud companies globally to achieve PCI DSS compliance. Prior to Armor, Hinkley worked as a Web Developer for TargetScope, an interactive marketing and Web development company. In that role he created everything from website animations to complex and dynamic product configurations using the latest technology and development frameworks. With Armor, Hinkley has held a number of security and technology-related roles, including security engineer, lead engineer and support manager. In those roles he has serviced thousands of FireHost customer servers, including Windows and Linux, and overseen the security of all hosting environments to meet PCI, HIPAA and other compliance guidelines. Hinkley is a sought-after speaker and author on cloud, security and open source topics, publishing regular columns in SecurityWeek and other industry magazines. Hinkley is a Certified Information Systems Security Professional (CISSP).

Geoffrey Pamerleau, Senior Ethical Hacker

Geoffrey Pamerleau joined Armor as a senior ethical hacker bringing 10 years of expertise in IT and cyber security to the Threat Resistance Unit (TRU). Before joining Armor, Geoff was a Computer Network Operator for the NSA, where he was tasked with performing computer network exploitation operations. He served in the United States Air Force with distinction as a Cyberspace Operations Officer. Prior to his commission, Geoff received a Bachelor’s in Computer Science with a focus on Cyberwarfare from the United States Air Force Academy. While there, Geoff was a member of the Academy’s Cyber Warfare Club and competed in National and International information security competitions. Geoff has certifications in incident handling and penetration testing from SANS and Offensive Security (GCIH, GPEN, and OSCP).

Corey Milligan, Senior Threat Intelligence Analyst

Corey has more than 18 years of IT experience. Before coming to Armor, he worked his way up the Army ranks, retiring as a Chief Warrant Officer and one of the Army’s first Cyber Operations Technicians. He holds some of the industry’s most sought-after certifications including CISSP, GCIA, GNFA, and GCTI. As a member of Armor’s Threat Response Unit, Corey provides threat intelligence support to the SOC and other divisions as needed, enhancing their efforts by collecting and analyzing open and closed source threat intelligence feeds, reporting on priority threats, identifying IOCs in support of network monitoring and incident response, and analyzing logs to identify hidden threats.


TRU in Action | Drupalgeddon 2

A Drupal vulnerability was discovered in March 2018, and TRU aided with a post-mortem analysis after a successful compromise. Senior Threat Intelligence Analyst Corey Milligan identified malicious files that were deployed at the time of compromise but hadn’t yet been seen by the major antivirus (AV) vendors. TRU worked closely with a third-party vendor to scan all the related files and create signatures for them. Upon signature deployment, other compromised hosts were discovered that the AV vendors had missed. We submitted more than 100 previously unidentified malicious files to aggregators like VirusTotal.

Armor Security Operations Center in Action

Our elite SOC team tirelessly monitors and protects your critical data workloads and applications, whether they are in the cloud, on premises, or in a hybrid environment. When you partner with Armor, our cybersecurity experts act as an extension of your security program with 24/7/365 monitoring and protection.

Learn how the Armor SOC works to form a protective barrier against threat actors and the attempts they make to compromise your organization.