Welcome to our blog series introducing the Real People at Binary Defense where you get to go inside our offices and meet the contributing members of our Binary Defense team.
Meet Jimmy Byrd, a born techie, Lead Developer for our Binary Defense Vision EDR software solution, and just the third person to join the company.
“Jimmy is one of the smartest folks I have ever met. As we are discussing a new feature in Vision or talking about a complex situation, you can literally see Jimmy analyzing how to make it a reality. Jimmy has been instrumental in the design, implementation, and continued success of our Vision product and a great friend. Love working with him!” said Dave Kennedy, Co-founder and CTO of Binary Defense, who saw something special in Jimmy and knew he would be a tremendous asset to help build and scale a Managed Security Services Provider (MSSP) with an exceptional EDR platform.
Jimmy not only manages the server team that created the Binary Defense EDR solution, he also leads development of the software architecture. “The Binary Defense culture is really supportive around trying to solve tech problems. I get to lead the team and work through problems in ways that directly help our customers.”
The Binary Defense Vision EDR that Jimmy helps build detects behaviors and anomalies such as PowerShell scripts and processes that do not seem normal. However, unlike many other EDR platforms, Vision also uses deception techniques to trap attackers and stop malicious activity in its tracks.
“Essentially, Binary Defense Vision writes software to detect hackers. We are not antivirus software. We do a lot more than that,” said Jimmy. In the case of detection, the Vision team looks for behaviors and other analytics to determine threats. Vision also specializes in deception, placing fake debuggers or files that are tempting to hackers.
Jimmy shares one example, “We have inserted certain tokens in memory that we replace and people (hackers) will harvest them to look like credentials. When they try to use these credentials, we detect that and stop them in their tracks.”
The team is constantly adjusting and tuning Binary Defense Vision as new threats and attacks appear. Working with the Binary Defense SOC (Security Operations Center), Jimmy and the team receive attack information constantly. When different behaviors reveal a pattern, or an identified incident poses a substantial threat, the Vision team adjusts the EDR product for all customers to the new threat landscape.
The Binary Defense Vision team is divided into two groups—the agent and server teams—and Jimmy leads the server team. The agent team detects behavior that may not necessarily create an alarm but after analysis and research may be deemed suspicious. For example, one failed password attempt is unremarkable, but more than 100 failed password attempts is cause for alarm. This is where Jimmy’s Vision server team steps in and writes the correlation rules to detect identified behaviors and keep Binary Defense customers safe. Thank you, Jimmy!
And experimentation with Binary Defense Vision is clearly Jimmy’s passion. Whether it’s building servers and analyzing how those processes worked, orchestrating red team ideas into our detection technology, or working with the in-house dedicated Security Operations Center (SOC) and Counterintelligence teams to discover and integrate real-time insights to make our products more effective, Jimmy uses innovation and Binary Defense team partnerships to improve security and detection for customers.
When asked what he sees changing in the threat landscape in the next six months, Jimmy replied, “Security threats are becoming ever trickier and more successful; small and medium companies will be hard-pressed to keep up with the threats. I think there’s a growing need for allowing specialists to handle this ever-growing landscape.” We couldn’t agree more—that’s what Jimmy and Binary Defense are all about. Thanks again, Jimmy.