Saturday, May 28, 2016

Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence


Ben is co-founder and chief security strategist for Carbon Black.
In that role, he uses his experience as co-founder and chief technology officer of Carbon Black, which merged with Bit9 in February 2014, to drive the company's message to customers, partners, the news media and industry analysts.
Johnson, who was directly responsible for the functionality of the Carbon Black endpoint threat detection and response (ETDR) solution, has extensive experience building complex systems for environments where speed and reliability are paramount.
His background also includes a great deal of technical "agility," having worked on advanced operational teams supporting U.S. national security missions and writing complex calculation engines for the financial sector.
Ben earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University.

Brakeing Down Security was so happy to have him on to discuss EDR (#Endpoint Detection and Response), TTPs (#Tactics, Techniques, and Procedures), and the #Threat #Intelligence industry.

Ben discusses with us the Layered Approach to EDR:
1. Hunting
2. Automation
3. Integration
4. Retrospection
5. Patterns of Attack/Detection
6. Indicator-based detection
7. Remediation
8. Triage
9. Visibility

We also discuss how VirusTotal's changes in policy regarding the sharing of information are going to affect the threat intel industry.

Ben also gives his opinion of our "Moxie vs. Mechanisms" podcast, in which we argued that businesses spend too much on shiny boxes and too little on people.

Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us :(
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-021-Ben_Johnson-Carbon_black-Threat_intelligence.mp3
iTunes:
YouTube: https://youtu.be/I10R3BeGDs4
RSS: http://www.brakeingsecurity.com/rss
Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing (great info)
https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016

Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Here is a new episode of Brakeing Down Security Podcast!

Sunday, May 15, 2016

2016-019-Creating proper business cases and justifications


Procurement is a process. Often a long, drawn-out, tedious process, but it is necessary to ensure that the hardware and software you buy are going to work in your organization.
We go over what is necessary to make sure your procurement is as smooth as possible. Some of the topics we discuss include:
1. Aligning business goals and operational goals
2. How to discuss ROI with management
3. Getting actionable information for business requirements from affected parties
4. Steering yourself away from confirmation bias or optimism bias, and ensuring you're thinking critically when comparing the current status quo vs. a new solution
5. Information you might want to gather from potential vendors to make a more informed decision as to whether their product is the one you want
And finally, we discuss how to handle the dreaded vendor demos. There may be a number of them, and they are arguably the best method of knowing whether the software or hardware is going to work for you.
This is a topic that affects everyone, whether you are a manager or a user of the technology involved.
We also like to remind people that our DerbyCon CTF and raffle are still going on. There is plenty of time to get involved if you want a chance to get a ticket to Derbycon 2016!
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-019-business_cases_and_justifications-final.mp3
iTunes:

Links referred to in the show:

http://www.ask.com/business-finance/business-justification-example-cdebe6f929949e8c
http://www.iso20022.org/documents/BJ/BJ044/ISO20022BJ_ATICA_v4_with_comments.pdf
http://klariti.com/business-case-2/business-case-justify-business-need/
https://en.wikipedia.org/wiki/Business_case
https://en.wikipedia.org/wiki/Optimism_bias
http://www.ehow.com/how_6672801_write-business-justification.html

Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Here is a new episode of Brakeing Down Security Podcast!

Monday, May 9, 2016

2016-018-software restriction policies and Applocker


Windows has all the tools you need to secure an OS, but we rarely use them. One example of this is 'Software Restriction Policies', a mechanism that lets you block certain files from being saved anywhere, control which file types can be executed from a directory, and even decide whether or not software should be allowed to install.

We also discuss the use of parental controls as a cheap, easy method of restricting users from accessing certain websites, installing software from the iTunes store, or using certain functions or applications.

Also, the 2nd clue for our CTF can be found in this podcast... see if you can find the giant clue... :)

**NOTE: We had an issue with Mr. Boettcher's Windows 10 install. He's using Windows 10 Home, which does not appear to have AppLocker or Software Restriction Policies by default. So, I cut a lot of us bickering^H^H^H^H discussing how to get it to work, so the middle, around the 25:00 mark, will feel a tad off. Apologies... I should have stopped recording.


Here is a new episode of Brakeing Down Security Podcast!

Sunday, May 1, 2016

2016-017-The Art of Networking, Salted Hashes, and the 1st annual Podcast CTF!


You might have heard "Network when you can, not when you have to..." The art of networking is creating connections and nurturing relationships that benefit everyone. This week we discuss building networks: creating people networks that allow for the free sharing of ideas and knowledge, whether through a professional organization like ISSA or ISC2 meetings, or by simply getting a bunch of people together for coffee on a Saturday morning.

We also brainstorm ideas on how people in our community keep their skills sharp, and why some seem to let them atrophy once they get a specific certification or degree. We cite examples of things and actions that help you gain more knowledge and ensure your company will still see you as an SME. CPEs can be earned in the simplest of ways. Just by listening to this podcast, for example, you can receive one CPE (1 hour = 1 CPE). There are many other ways of getting them, and we cite several in this podcast.

We also discuss the continued use of unsalted, weakly hashed passwords in systems, and why that practice is what made a recent breach of a custom Minecraft implementation so damaging.

Story: http://news.sky.com/story/1687550/minecraft-hack-exposes-seven-million-passwords
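To make the unsalted-versus-salted point concrete, here is an added example (not code from the podcast or from the breached site; the user records and passwords are constructed). It contrasts the fast, unsalted hash the episode warns about with per-user salting plus key stretching (PBKDF2-HMAC-SHA256 from the Python standard library), and shows the symptom a defender can check for in a dumped credential table: identical passwords produce identical hashes only when no salt is used.

```python
import hashlib
import hmac
import os

# Constructed sample: two users who happen to share the same password.
# A real dump with millions of rows shows the same effect at scale.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: the pattern the episode warns about.

    Every user with the same password gets the same digest, so one
    precomputed lookup (or one cracked row) exposes all of them at once.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_salted_record(password: str, iterations: int = 200_000) -> dict:
    """Per-user random salt plus key stretching (PBKDF2-HMAC-SHA256).

    The salt is stored beside the hash; it is not secret, its job is to
    make each user's hash unique and force per-user cracking effort.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_salted(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def weak_store(users: dict) -> dict:
    """Credential table as the breached system would have stored it."""
    return {user: weak_hash(pw) for user, pw in users.items()}


def salted_store(users: dict) -> dict:
    """Credential table with per-user salt and stretching."""
    return {user: make_salted_record(pw) for user, pw in users.items()}


def duplicate_hash_count(hashes) -> int:
    """Number of rows whose hash value repeats elsewhere in the table.

    A non-zero result on a dumped table is a strong sign that no salt was
    used; a salted table always yields 0 here.
    """
    values = list(hashes)
    return sum(1 for h in values if values.count(h) > 1)


if __name__ == "__main__":
    weak = weak_store(USERS)
    salted = salted_store(USERS)
    print("unsalted duplicates:", duplicate_hash_count(weak.values()))
    print("salted duplicates:  ", duplicate_hash_count(r["hash"] for r in salted.values()))
    print("alice login ok:     ", verify_salted(salted["alice"], "hunter2"))
    print("alice wrong pw:     ", verify_salted(salted["alice"], "hunter3"))
```

The check in `duplicate_hash_count` is the quick triage a responder can run over a leaked table: repeated hash values mean repeated passwords are trivially visible and a single lookup table cracks every row at once. Salting removes that shortcut, and the iteration count is what makes each guess expensive.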

But I think the most exciting part of the podcast is the announcement of the 1st annual Brakeing Down Security Podcast CTF! The details can be found in the podcast.

 Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-017-Networking-Podcast_CTF-salted_hashes.mp3

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast

RSS FEED: http://www.brakeingsecurity.com/rss

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969

Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/


Here is a new episode of Brakeing Down Security Podcast!