Security Allies: Why Successful EDR Deployments Require a Team

00:50 Panelist Introduction

01:36 Shared Philosophy

04:07  “You can’t rely on knowing what’s bad ahead of time.” – Kane 

04:28 The History of Red Canary and VMware Carbon Black

04:38 2011: Carbon Black

05:26 “Collect all the data you need to do incident response ahead of time, so you can sit down at the console and start investigating. This leads to more proactive ways of doing detection.” – Chris

06:36 2014: Red Canary

06:46 “Our founding team identified the need for a service that took this incredible source of telemetry, and instead of waiting for a red phone to ring to jump in and do incident response, we took that data to operationalize it on a day-to-day basis.” – Chris

08:49 2014: Bit 9 and Carbon Black

09:23 “The most effective way to prevent malware-based threats is to only allow trusted software to execute on systems.” – Kane

11:20 2015: Live Response and Response Plans

13:22 “This was game-changing to allow security teams to respond faster once detection had happened.” – Kane

15:11 2016: Carbon Black NGAV

16:00 “We were going to have to introduce a much higher level of security than traditional antivirus offerings.” – Kane

17:09 2018: Carbon Black Goes Public

17:42 “This was a massive day for the industry. The very first next-generation endpoint security player had made it to the public markets.” – Kane

18:20 2018: Cb ThreatHunter Launch

19:27 “This gives organizations the ability to turn on or off capabilities they need without deploying another agent.” – Kane

20:19 2019: VMware Acquires Carbon Black

21:38 “We’ve seen so many quick enhancements to the product and an amazing roadmap coming out of that.” – Chris

21:50 2020: Expanded MDR Coverage for Carbon Black Cloud Endpoint Standard

22:04 “Red Canary now investigates all alerts created by Endpoint Standard and configures prevention policies.” – Chris

23:15 Delivering Security Outcomes

23:59 How Red Canary and Carbon Black Work Together

24:14 “That’s why we believe so strongly in unfiltered telemetry—and why you need to bring it into a central location like the Carbon Black Cloud.” – Chris

24:49 “All of our analytics are mapped to MITRE ATT&CK so we can use a common language when we communicate back about what the attacker did.” – Chris

27:20 Carbon Black Technology

31:40 “A lot of innovation is going on at the moment. All condensed and consolidated in the Carbon Black Cloud.” – Kane

35:50 Red Canary Technology

38:00 “We trigger our response capabilities, whether it is automated or manual, to stop the threat.” – Chris

38:55 Trends Shaping The Future

39:15 The Size of Incidents

39:56 “We’re involved in thousands of incident responses each year. We now have more smaller scale breaches.” – Kane

42:35 Ransomware Evolution

43:37 “That’s the way we saw it in 2018: The Emotet, TrickBot, Ryuk, trifecta.” – Chris

47:05 Changes in the Endpoint Security Market

47:19 “We’re seeing security being transformed into platforms more than ever before.” – Chris

51:30 We’re MDR Too

51:40 “MDR in its purest definition is completely outcome-focused, which doesn’t align particularly well with a lot of the legacy service providers.” – Chris

53:55 Shift to WFH and Cloud Adoption

54:58 “As we evolve over time, we’re going to have to get telemetry from new data sources.” – Chris

55:13 Moving Services Out of the Kernel

56:03 The Pendulum Swing

56:10 “Security is a market that is always going to be fragmented. It’s fragmented because literally the bad guys’ job description includes innovation.” – Kane

58:22 XDR

58:32 “XDR really represents a mindset shift away from the legacy SIM and log approach to focusing on where you get the best telemetry.” – Chris