[podcast] Carbon Black’s Ben Johnson: EDR and threat intel

Published: June 1, 2016 | By: BrBr | Views: 1935

Ben Johnson (@chicagoben on Twitter) has spent a good deal of his career protecting clients’ endpoints, from his work at the NSA to co-founding Carbon Black (@carbonblack_inc).

Ben is co-founder and chief security strategist for Carbon Black.

In that role, he draws on his experience as co-founder and chief technology officer of Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry analysts.

Johnson, who was directly responsible for the powerful functionality of the Carbon Black endpoint threat detection and response (ETDR) solution, has extensive experience building complex systems for environments where speed and reliability are paramount.

His background also includes a great deal of technical “agility,” having worked on advanced operational teams supporting U.S. national security missions and writing complex calculation engines for the financial sector.

Ben earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-021-Ben_Johnson-Carbon_black-Threat_intelligence.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-021-carbon-blacks-cto/id799131292?i=1000369579669&mt=2

YouTube: https://youtu.be/I10R3BeGDs4

RSS: http://www.brakeingsecurity.com/rss

It was Brakesec’s pleasure to have him on to discuss EDR (#Endpoint Detection and Response), TTPs (#Tactics, Techniques, and Procedures), and the #Threat #Intelligence industry.

We also ask Ben’s opinion on the ratio of security personnel to infrastructure: is there a good ratio, or can two people with 10,000 machines do a better job than ten people with 100 hosts?

Ben also gives his opinion of our “Moxie vs. Mechanisms” podcast, where we argued that businesses spend too much on shiny boxes versus people. What is a good mix? Pay for good talent, or pay for something that can function 24/7/365 but still requires someone to maintain it?

Ben discusses with us the Layered Approach to EDR:

1. Hunting
2. Automation
3. Integration
4. Retrospection
5. Patterns of attack/detection
6. Indicator-based detection
7. Remediation
8. Triage
9. Visibility
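Three of those layers (indicator-based detection, patterns of attack, and retrospection) are easy to confuse, so here is a small worked example of the difference. This is an added illustration written for these show notes, not Carbon Black code and not anything Ben presented; the event format, the sample telemetry, the indicators and the two behavioural rules are all constructed for the example. Indicator matching looks for atomic IOCs (a file hash, an IP); pattern matching looks for a behaviour regardless of which binary is involved (an Office application spawning a shell, PowerShell run with an encoded command); retrospection re-runs indicator matching over stored history when a new IOC arrives, which is what lets you find a compromise that happened before the indicator was known.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set


@dataclass(frozen=True)
class ProcEvent:
    """One process-start record as an endpoint sensor might report it (constructed format)."""
    ts: int           # event time, arbitrary units
    host: str
    parent: str       # parent process image name
    image: str        # process image name
    cmdline: str
    sha256: str       # hash of the image; truncated here for readability
    dst_ip: str = ""  # first outbound connection made by the process, if any


@dataclass(frozen=True)
class Alert:
    layer: str        # "indicator", "pattern" or "retrospective"
    name: str
    host: str
    ts: int


# Constructed sample telemetry, not real data. Event 2 is a macro-style chain
# (Word -> hidden, encoded PowerShell); event 5 is a loader that beacons out.
EVENTS = [
    ProcEvent(1, "ws01", "explorer.exe", "winword.exe", "winword.exe /n invoice.docm", "a1b2"),
    ProcEvent(2, "ws01", "winword.exe", "powershell.exe",
              "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA", "b2c3", "203.0.113.7"),
    ProcEvent(3, "ws02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs", "c3d4"),
    ProcEvent(4, "ws02", "explorer.exe", "notepad.exe", "notepad.exe", "d4e5"),
    ProcEvent(5, "ws03", "cmd.exe", "rundll32.exe", "rundll32.exe C:\\Temp\\upd.dll,Run", "e5f6", "198.51.100.9"),
]

# Indicator-based detection: exact matches on atomic IOCs known at scan time.
INDICATORS: Dict[str, Set[str]] = {
    "sha256": {"b2c3"},            # the PowerShell binary hash is "known bad" here only for the demo
    "ip": {"198.51.100.9"},
}


def match_indicators(events: Iterable[ProcEvent], indicators: Dict[str, Set[str]],
                     layer: str = "indicator") -> List[Alert]:
    alerts: List[Alert] = []
    for e in events:
        if e.sha256 in indicators.get("sha256", set()):
            alerts.append(Alert(layer, f"sha256:{e.sha256}", e.host, e.ts))
        if e.dst_ip and e.dst_ip in indicators.get("ip", set()):
            alerts.append(Alert(layer, f"ip:{e.dst_ip}", e.host, e.ts))
    return alerts


# Pattern-of-attack detection: behaviour, independent of hashes or addresses.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# -e / -ec / -enc / -encodedcommand; deliberately does not match -ep (ExecutionPolicy).
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\b")

PATTERNS: Dict[str, Callable[[ProcEvent], bool]] = {
    "office_app_spawns_shell": lambda e: e.parent.lower() in OFFICE_APPS and e.image.lower() in SHELLS,
    "encoded_powershell": lambda e: e.image.lower() == "powershell.exe" and bool(ENCODED_FLAG.search(e.cmdline)),
}


def match_patterns(events: Iterable[ProcEvent],
                   patterns: Dict[str, Callable[[ProcEvent], bool]] = PATTERNS) -> List[Alert]:
    return [Alert("pattern", name, e.host, e.ts)
            for e in events for name, pred in patterns.items() if pred(e)]


def retrospect(history: Iterable[ProcEvent], new_indicators: Dict[str, Set[str]]) -> List[Alert]:
    """Retrospection: a new IOC arrives, so re-scan the stored history rather than
    only future events. This is why the sensor must record continuously."""
    return match_indicators(history, new_indicators, layer="retrospective")


def run(events: Iterable[ProcEvent]) -> List[Alert]:
    events = list(events)
    return match_indicators(events, INDICATORS) + match_patterns(events)


if __name__ == "__main__":
    for a in run(EVENTS):
        print(a)
    # Later, threat intel publishes the loader's hash; the old event is still findable.
    for a in retrospect(EVENTS, {"sha256": {"e5f6"}}):
        print(a)
```

Note what each layer catches on the sample: the indicator layer fires on event 2 (hash) and event 5 (destination IP); the pattern layer fires twice on event 2 and would still do so if the attacker recompiled the payload or changed the C2 address; retrospection with the hash "e5f6" added afterwards surfaces event 5 on ws03 from stored history, which a purely real-time indicator feed would have missed. Triage and remediation in Ben's list sit on top of these alerts; visibility is the recorded history they all depend on.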

We also discuss how VirusTotal’s changes in policy regarding sharing of information is going to affect the threat intel industry. http://www.theregister.co.uk/2016/05/09/security_freeloaders_not_welcome_as_virustotal_gets_tough/

Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us 🙁


Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing (great info)

https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016


Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Many thanks to #Cybrary.it for allowing us to post this here…

[Picture of Carbon Black’s CTO Ben Johnson]
