Reward Yourself! Get a $400 Amazon Gift Card with OnDemand 5 or 6 Section Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

EDR + NGAV Working Together: SANS Review of Carbon Black Cb Defense

  • Friday, September 15, 2017 at 1:00 PM EDT (2017-09-15 17:00:00 UTC)
  • Jerry Shenk, Brian Gladstein


  • Carbon Black

You can now attend the webcast using your mobile device!



Endpoints of all types are falling victim to phishing, ransomware, wipeware, zero days, DDoS and other damaging attacks, according to multiple SANS surveys and industry reports. IoT devices are being conscripted into botnets for sending DDoS attacks, new variants of ransomware are being released and spreading at astonishing speeds, and the most cunning attackers are actively searching and traversing entire networks of endpoints (and hiding their tracks).

In this webcast, learn how next-generation antivirus (NGAV), combined with the power of endpoint detection and response (EDR), can accurately and completely connect dots between suspicious and unauthorized activities to detect and fully remediate real threats.

SANS analyst Jerry Shenk will reveal how he put Carbon Black's Cb Defense through simulated ransomware, malware and various malwareless attacks to see what it detected and how it took action. He will discuss how Cb Defense NGAV detects these threats, how the Cb Defense EDR maps suspicious activity and patterns into attack visualizations for incident response and remediation, and how Cb Defense shows the attack chain and the steps of remediation. Specifically, learn how Cb Defense detects, reacts to and helps remediate the following:

  • Simple, known malware
  • Command shell attacks via NetCat
  • PowerShell attacks
  • Ransomware attacks based on new variants

Click here and be among the first to receive access to the associated whitepaper written by Jerry Shenk.

Speaker Bios

Jerry Shenk

Jerry Shenk currently serves as a senior analyst for the SANS Institute and is senior security analyst for Windstream Communications, working out of the company's Ephrata, Pennsylvania, location. Since 1984, he has consulted with companies and financial and educational institutions on issues of network design, security, forensic analysis and penetration testing. His experience spans networks of all sizes, from small home-office systems to global networks. Along with some vendor-specific certifications, Jerry holds six GIAC certifications - all completed with honors - and five with Gold certifications: GCIA, GCIH, GCFW, GSNA, GPEN and GCFA. He also holds the CISSP certification.

Brian Gladstein

Brian joins Cmd as VP of Marketing, bringing over 15 years in the cybersecurity industry at companies that include Carbon Black and RSA Security. He specializes in emerging security technology, launching category-redefining products that disrupt the status quo and help protect millions of people around the globe.  

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.