Passive Isn't Good Enough: Moving into Active EDR

  • Tuesday, May 21st, 2019 at 1:00 PM EDT (17:00:00 UTC)
  • Justin Henderson and Migo Kedem
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • SentinelOne

Overview

Endpoint detection and response (EDR) technologies pick up where antivirus technologies leave off. EDR focuses on identifying anomalous activity at scale, but often falls prey to delayed analyses due to cloud management systems and drains on staffing and time. Another technology, endpoint protection platform (EPP), is also purported to manage endpoint security. While it utilizes multiple solutions to provide preventive controls, it often lacks enterprise-class detection and reporting capabilities.

The most recent addition to the endpoint protection arsenal is Active endpoint detection and response. It provides a solution to the failings of both EDR and EPP through its real-time analysis capabilities.

Attendees of this webcast will learn about:

  • What makes Active EDR different from Passive EDR and, therefore, so useful for analysis on a large scale
  • How Active EDR can help organizations by providing both machine-powered data and machine-powered context for analysis and decision making based on that data
  • The role and importance of intelligent decision making through the use of artificial intelligence processed at the endpoint
  • Why known attacks should be handled in Active versus Passive EDR alerts
  • The types of holistic storytelling Active EDR can tell about a given attack

Register now and be the first to receive the associated paper, including actionable takeaways, written by SANS analyst, instructor and cybersecurity expert Justin Henderson.

Speaker Bios

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 (SIEM with Tactical Analytics) course and co-authored SEC455 (SIEM Design and Implementation) and SEC530 (Defensible Security Architecture). He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.


Migo Kedem

Migo Kedem is the senior director of products and marketing at SentinelOne. Before joining SentinelOne, Mr. Kedem spent a decade building cybersecurity products for Palo Alto Networks and Check Point.
