[embed]https://www.youtube.com/watch?v=I10R3BeGDs4[/embed]

Ben Johnson (@chicagoben on Twitter) has spent a good deal of time working on protecting clients' endpoints, from his work at the NSA to being the co-founder of Carbon Black (@carbonblack_inc).
Ben is co-founder and chief security strategist for Carbon Black.
In that role, he uses his experience as a cofounder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry analysts. Johnson, who was directly responsible for the powerful functionality of the Carbon Black endpoint threat detection and response (ETDR) solution, has extensive experience building complex systems for environments where speed and reliability are paramount. His background also includes a great deal of technical “agility,” having worked on advanced operational teams supporting U.S. national security missions and writing complex calculation engines for the financial sector. Ben earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University.
It was Brakesec's pleasure to have him on to discuss EDR (#Endpoint Detection and Response), TTP (#Tactics, Techniques, and Procedures), and the #Threat #Intelligence industry.

We also ask Ben's opinion on companies' ratio of personnel to infrastructure: is there a good ratio, or can 2 guys with 10,000 machines do a better job than 10 people with 100 hosts?

Ben also discusses his opinion of our "Moxie vs. Mechanisms" podcast, where businesses spend too much on shiny boxes vs. people. What is a good mix? Pay for good talent, or pay for something that can function 24/7/365 and requires someone to maintain it?

Ben discusses with us the Layered Approach to EDR:

1. Hunting
2. Automation
3. Integration
4. Retrospection
5. Patterns of Attack/Detection
6. Indicator-based detection
7. Remediation
8. Triage
9. Visibility

We also discuss how VirusTotal's changes in policy regarding sharing of information are going to affect the threat intel industry. http://www.theregister.co.uk/2016/05/09/security_freeloaders_not_welcome_as_virustotal_gets_tough/
Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us :(

Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing
(great info) https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
Many thanks to #Cybrary.it for allowing us to post this here...
[caption id="attachment_59302" align="alignnone" width="150"]
Picture of Carbon Black's CTO Ben Johnson[/caption]