Ben Johnson (@chicagoben on Twitter) has spent a good deal of time working on protecting client's endpoints. From his work at the NSA, to being the co-founder of Carbon Black (@carbonblack_inc). We managed to have him on to discuss EDR (#Endpoint Detection and Response), TTP (#Tactics, Techniques, and Procedures), and #Threat #Intelligence industry. Ben discusses with us the Layered Approach to EDR: 1. Hunting 2. Automation 3. Integration 4. Retrospection 5. Patterns of Attack/Detection 6. indicator-based detection 7. Remediation 8. Triage 9. Visibility We also discuss how VirusTotal's changes in policy regarding sharing of information is going to affect the threat intel industry. Ben also discusses his opinion of our "Moxie vs. Mechanisms" podcast, where businesses spend too much on shiny boxes vs. people. Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us :( Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-021-Ben_Johnson-Carbon_black-Threat_intelligence.mp3 iTunes: https://itunes.apple.com/us/podcast/2016-021-carbon-blacks-cto/id799131292?i=1000369579669&mt=2 YouTube: https://youtu.be/I10R3BeGDs4 RSS: http://www.brakeingsecurity.com/rss Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing (great info) https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016   Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/