The traditional response model for blue teams, designed with years of experience with virus and worm outbreaks, starts to become less effective when applied to adversaries who are actively attempting to bypass your defenses. The days of simply responding to alerts are over and a shift to employing more "active" defenses and developing intelligence about threat actors has started. This presentation will discuss developing a defense that “blitzes” how to gather threat intelligence via open source data, how to analyze and extract data from attacks against your environment, and how to establish a more "active defense" of your network.
Ben spends his time enjoying being a husband, dad, and messing around with anything that has a button, dial, or blinking light on it. He was the author for "Asterisk Hacking" from Elsevier Publishing, has spoken at various conferences, and has appeared on various media outlets discussing security and privacy. Ben strongly dislikes Thursdays and writing about himself in the third person.