Saturday, May 28, 2016

Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence


Ben is co-founder and chief security strategist for Carbon Black.
In that role, he uses his experience as a cofounder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry analysts.
Johnson, who was directly responsible for the powerful functionality of the Carbon Black endpoint threat detection and response (ETDR) solution, has extensive experience building complex systems for environments where speed and reliability are paramount.
His background also includes a great deal of technical “agility,” having worked on advanced operational teams supporting U.S. national security missions and writing complex calculation engines for the financial sector.
Ben earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University.

Brakeing Down Security was so happy to have him on to discuss EDR (#Endpoint Detection and Response), TTP (#Tactics, Techniques, and Procedures), and the #Threat #Intelligence industry.

Ben discusses with us the Layered Approach to EDR:
1. Hunting
2. Automation
3. Integration
4. Retrospection
5. Patterns of Attack/Detection
6. Indicator-based detection
7. Remediation
8. Triage
9. Visibility

We also discuss how VirusTotal's changes in policy regarding sharing of information are going to affect the threat intel industry.

Ben also discusses his opinion of our "Moxie vs. Mechanisms" podcast, where businesses spend too much on shiny boxes vs. people.

Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us :(
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-021-Ben_Johnson-Carbon_black-Threat_intelligence.mp3
iTunes:
YouTube: https://youtu.be/I10R3BeGDs4
RSS: http://www.brakeingsecurity.com/rss
Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing (great info)
https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016

Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Here is a new episode of Brakeing Down Security Podcast!
