
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Stopping attacks in their tracks through behavioral blocking and containment

  • Wednesday, March 25, 2020 at 1:00 PM EDT (2020-03-25 17:00:00 UTC)
  • Geoff McDonald, Shweta Jha


  • Microsoft




The nature of threats to enterprises is changing. Sophisticated and advanced threats that were mainly used by nation-state actors are now making their way to the enterprise. All the while, breaches are becoming more frequent. Today's prevention technologies are only able to help to a certain point. The lines between prevention and detection are blurring, and new capabilities are emerging to combat these more advanced threats. Join this session to learn about Microsoft Defender ATP's behavioral blocking and containment capabilities, which sit between pure prevention and detection. You'll learn how signal sharing and comprehensive capabilities that integrate across the stack can help stop today's most sophisticated attacks in their tracks.

Speaker Bios

Geoff McDonald

Geoff McDonald is a Principal Research Manager on the AV team of Microsoft Defender ATP engineering, leading a team of researchers building our content and behavior-based machine-learning protection models into the client, cloud, and backend to protect against advanced malware attacks. He has a passion for machine learning, reverse-engineering, programming tools for reverse-engineering and vulnerability fuzzing, and foosball AI. You can find some of his tools and hobby projects on his personal website or github at

Shweta Jha

Shweta Jha is a Senior Program Manager with the Microsoft Defender ATP engineering team, and she is responsible for developing core protection features, such as cloud-delivered protection, fileless protection, behavioral monitoring and containment, anti-tampering and more. You can find her blog on tamper protection here. Her passion is to work closely with customers and develop solutions to meet their broad end-to-end security needs. You can follow her on @shwetajha_MS.
