Chief Technology Officer
Ben April is the Chief Technology Officer at Farsight Security, Inc. Prior to joining Farsight Security, Mr. April spent eight years at Trend Micro, where he became the Americas regional manager of the forward-looking threat research team. He has presented to security conferences on five continents, covering topics like Bitcoin, NFC, operational security and infrastructure security. Mr. April has built research systems for collecting and aggregating data, from Whois and the Bitcoin block-chain to the global routing table. His current crusade is to eliminate the technical and policy barriers that impede data-sharing among white-hat security researchers. Mr. April is also a volunteer sysadmin and coder for some trusted-community security projects.
Gaining Tactical Intelligence using DNS
To Catch a Scammer: Exposing a Scammer's Digital Web with Passive DNS
The DNS High Ground
NFC: I Don't Think It Means What You Think It Means
Passive DNS: Forensics and Analysis
One Bad Indicator Leads to Another
DNS Mapping for Better Context on Threats
In this piece that highlights how the hackers behind this new DNS hijacking campaign have concealed their operation by using “certificate impersonation," Mr. April underscores why traditional security methods are no longer effective: “The industry advice from the late 90’s suggesting end-users ‘look for the padlock’ won’t cut it,” said Ben April, CTO of the threat intelligence vendor Farsight Security. “There are plenty of sites using [domain validation] because they only want to prevent eavesdropping, that works fine.”
Interviewed for a story about the cloaked identify of the owner(s) running a group of “hyper-partisan” websites: “It’s not an easy thing to determine who is behind a website,” said Ben April, director of research at Farsight Security, a San Mateo, California, company with tools that specialize in tracing the history and connections of websites — or domains — on the internet.
In this interview, Mr. April highlights four top trends for 2019, including an increased focus on privacy: ”New products and proposals promising to fix specific privacy problems will continue to appear. Some will actually move the needle on one or more aspects of privacy and may miss entirely or make things worse for other aspects.“
Among the many topics Mr. April discusses in this wide-ranging interview: why diversity is important to an organization’s security team: “We need to field diverse defense teams to protect our assets from adversaries who don't follow the rules that we follow, be they legal, business or social rules. If everyone followed a clear set of rules, the landscape in this space would be drastically different.”