Agenda | September 15, 2023 | 10:30AM - 1:00PM EDT
Time (EDT) | Description |
---|---|
10:30AM | Welcome and Opening Remarks Matt Bromiley, Certified Instructor, SANS Institute |
10:45AM | Checkmate: How Malware Anti-Sandbox Evasion Checks Can Stall Automation of EDR/XDR Alert Triage. Fully automating EDR/XDR alert validation using older hooking or kernel-mode sandbox technologies can disrupt SOCs and stall submission queues. In high-volume alert environments such as an enterprise or MDR SOC, the time and resources spent identifying EDR alert false positives and manually triaging "suspicious" or benign malware samples that fail sandbox analysis are extremely costly. To understand the "how and why" of automating EDR/XDR alert triage, join the VMRay team on September 15th as they walk you through the best sandbox architectures for SOC automation, why automated EDR/XDR alert triage can fail, and how to fix it. Andrew Maguire, Senior Product Marketing Manager, VMRay; Ben Abbott, Security Solutions Engineer, US Team Lead, VMRay |
11:20AM | Choosing the Right XDR Strategy: A Comparative Analysis of SIEM-Driven and Alternative Approaches. As cyberthreats continue to evolve, organizations are increasingly exploring Extended Detection and Response (XDR) to fortify their cybersecurity stance. Unlike Endpoint Detection and Response (EDR), which primarily focuses on endpoint protection, XDR collects and analyzes data across a wider range of sources such as endpoints, networks, cloud infrastructure, and applications. While traditional EDR solutions offer valuable protection, particularly with granular endpoint visibility, they also come with their own set of challenges, such as the need for additional security tool integration and a high volume of alerts requiring manual triage. One intriguing avenue organizations are exploring is SIEM-driven XDR, which integrates Security Information and Event Management (SIEM) as a foundational layer; this approach has several key advantages. However, it is crucial to note that SIEM-driven XDR is not the only viable approach. Other strategies, such as cloud-native and AI-driven XDR, each offer their own advantages and challenges. For example, while SIEM-driven XDR excels in historical and real-time data correlation, cloud-native XDR may offer more agility and reduced overhead. Similarly, AI-driven XDR solutions might offer superior machine learning algorithms for threat detection but may have limitations in other areas. Join me as we explore specific case studies to compare and contrast the benefits and challenges of various XDR approaches, including SIEM-driven models. Whether you view adopting a specific XDR strategy as an important consideration or a strategic choice, this session aims to provide a balanced, comprehensive guide to making well-informed security decisions. Matt Warner, CTO, Blumira |
11:55AM | Break |
12:10PM | PANEL: Is an XDR Strategy Right for Me? eXtended Detection and Response, or XDR, is a term we have seen around the industry for years now as the "new" way to approach security. However, for many organizations, XDR feels like EDR++: the same capabilities under a new label. Perhaps it is time we clear the air. Join us in the final session of our XDR/EDR forum for an interactive panel, where we will field questions from our audience and reflect on the day's sessions. Our panel will also look at XDR as a strategy, how security teams can benefit, and some of the key components needed to get started with XDR today. Moderator: Matt Bromiley, Certified Instructor, SANS Institute. Panelists: Matt Warner, CTO, Blumira; Andrey Voitenko, Product Manager, VMRay |
12:55PM | Closing Remarks Matt Bromiley, Certified Instructor, SANS Institute |