Prove Skill Mastery with GIAC Certs - Free Cert Attempt Included with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Endpoint Protection Solutions Forum

  • Friday, April 9th | 10:30 AM - 2:30 PM EDTFriday, April 09, 2021 at 10:30 AM EDT (2021-04-09 14:30:00 UTC)
  • Jake Williams, Eric Howard, Michael Gorelik, Greg Iddon


  • Cisco Security
  • Eclypsium
  • Morphisec
  • Sophos Inc.

You can now attend the webcast using your mobile device!



You will earn 6 CPE credits for attending this virtual event

Forum Format: Virtual - US Eastern

Event Overview

Endpoint security is a method of protecting endpoints or entry points of end-user devices such as desktops, laptops, mobile devices, servers, ATM machines, and medical devices from being accessed by attackers. Simply put, if a device is connected to a network it is an endpoint.

Its through these entry points that a companys most valuable asset, data, is accessed and malicious activity occurs. Establishing an Endpoint Protection Platform (EPP) is vital in todays business world for all corporations to properly secure their data. As entry points have integrated into our cars, airplanes, hospitals, and our homes, security solutions that protect them also had to adapt.

Join this SANS lead forum as we explore various endpoint protection topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.


10:30 - 10:50 AM EDT - Keynote

Jake Williams, @MalwareJake, Forum Chair, SANS Institute, @SANSInstitute


10:50 - 11:25 AM EDT - Attackers are Targeting Endpoint Firmware. Are You Ready?

John Loucaides, VP R&D, Eclypsium, @Eclypsium

As enterprise security improves, attackers are seeking new methods to subvert traditional security controls - going below the surface to penetrate vulnerable firmware and hardware components inside today's servers, laptops and networking equipment. In the past year APT and ransomware threat actors targeted enterprise VPNs en masse, the widespread BootHole vulnerability put virtually all Windows and Linux devices at risk for bootkits, TrickBot added firmware-specific capabilities and the Sunburst attack exposed pervasive risks in the technology supply chain. To keep pace, organizations and auditors must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. You'll leave this presentation with a checklist for assessing firmware security risk mapped to NIST standards.


11:25 AM - 12:00 PM EDT - Maximizing the Power of Cloud and Endpoint Security Together for a Better Threat Defense

Eric Howard, Lead Technical Marketing Engineer, Cisco, @Cisco

The lethal combination of the expanding attack surface and the increased sophistication of threats present a real and present danger to many organizations. In a recent survey, more than half of CISO's stated that users' work devices are very or extremely challenging to defend. What if you can radically simplify your approach to threat response overall in today's hybrid if not largely remote working environment? 

Having a robust cloud security as your first line of defense and endpoint security as your last line of defense create a powerful combination of effective, automated, always-on security that works everywhere your users go, both on and off the corporate network. What's more, when this combination comes with the cloud-native, built-in security platform that enables eXtended Detection and Response (XDR), you can protect your endpoints better, faster, and with less effort. 

Join Cisco security expert Eric Howard as he demonstrates how this XDR enabled combination delivers a much simpler and more effective solution that's available today.


12:00 - 12:10 PM EDT - Break


12:10 - 12:45 PM EDT - MITRE ATT&CK for Risk Reduction without Buying More Tools

Michael Gorelik, Chief Technology Officer, Morphisec, @morphisec

MITRE ATT&CK has quickly become one of the most popular frameworks for understanding and, in turn, addressing risk. However, its not immediately obvious how to use this free and powerful tool to improve security posture.

In this presentation, Michael Gorelik will provide actionable steps on how to use ATT&CK to understand the techniques that threat actors are most likely to employ when targeting businesses like yours.

Once the threats are known, it becomes clear what controls are needed to thwart them. Michael will walk through how MITRE ATT&CK can help prioritize what improvements can be made to reduce the most risk, highlighting those that dont require your business to spend more money on tools.

Finally, this presentation will explore the differences between Tactics and Techniques within the current ATT&CK framework and expand on the benefits of focusing on prevention of tactics for coverage of the most techniques.

The audience will leave with an understanding of:

  • How to use MITRE ATT&CK to understand the techniques that will most likely be used against your business specifically.
  • What mitigation strategies are best suited to address the techniques that are most likely to be employed.
  • What security teams can do without spending more money to make the most impact on risk reduction.
  • Applying the MITRE ATT&CK framework to prevention of Tactics for maximum coverage of Techniques.
  • Best practices to defend against general Tactics in ATT&CK framework rather than specific Techniques used by adversaries.
  • Real-world cases of applying innovative technologies to prevent Tactics agnostic of the technique.


12:45 - 1:20 PM EDT - The Realities of Ransomware

Greg Iddon, Sophos Threat Response Strategist, Sophos, @sophos

Ransomware attacker tactics are constantly shifting - sometimes drastically - In this session Greg looks at the evolution of this prolific and damaging type of attack. He'll share stories from the frontline, looking at how the criminals operate, their techniques and how you can lower your risk of becoming their next victim.


1:20 - 1:30 PM EDT - Wrap-up


Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Eric Howard

Eric Howard leads a team of Technical Marketing Engineers at Cisco focused on endpoint technologies that blend protection, detection, and response capabilities. Prior to joining Cisco Eric worked at Sourcefire as a Senior Security Engineer, focused on IDS/IPS and later malware prevention and the launch of the AMP products. 

Michael Gorelik

Morphisec’s CTO, Michael Gorelik, has more than nine years of hands-on experience leading diverse cybersecurity software development projects and experience in the software industry in general. Prior to Morphisec, Michael was the VP R&D at MotionLogic GmbH and before that served in senior leadership positions at Deutsche Telekom Labs. Michael holds Bsc and Msc degrees from the Computer Science department at Ben-Gurion University, focusing on low level synchronization in different OS architectures. He also jointly holds two patents in the IT space.

Greg Iddon

Greg is a strategist in the Sophos Technology Office and a manager for Sophos Managed Threat Response. A rampant, idiosyncratic nerd with a thoroughly 'British' sense of humour, Greg strongly believes that the complexities of computing and security can be made accessible, funny, and interesting to the masses, and takes every opportunity to share his passion with anyone who wishes to listen.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.