


This webcast has been archived. To view it, log in to your SANS Portal Account or create an account. Once you register, you can download the presentation slides.

Have You Taken The "Endpoint Blue Pill"? Debunking The Endpoint Protection Myth.

  • Friday, October 25, 2019 at 10:30 AM EST (2019-10-25 14:30:00 UTC)
  • Justin Henderson, Ismael Valenzuela


  • Cisco Systems Inc.




"My endpoint is protected, I have a current AV & I'm fully patched"

"I know bypassing AV is possible, but it's hard!"

"I'm using application whitelisting, I'm good!"

"Oh, that's APT-like stuff only, we don't have any of that here..."

If you've heard yourself saying (or thinking) any of the above, you may still live in tranquil happiness. But let me tell you: those are just the effects of taking the 'endpoint blue pill', the one that makes you believe in a world where endpoint protection works, where spending most of your time in hardening, patching and auditing cycles gives you a sense of satisfaction and of a job well done, and where there is not a single piece of evidence in your network of any of the advanced attackers that the media reports on.

Do you want to learn the truth?

Join Ismael Valenzuela and Justin Henderson, GSEs, instructors and co-authors of one of the most popular SANS Blue Team classes, SEC530: Defensible Security Architecture & Engineering, as they debunk this and many other myths around endpoint security through live demos, and learn how to architect and engineer layered defenses, not only for endpoint prevention, but also for visibility, detection and response, that work across hybrid environments.

"Remember: all I'm offering is the truth. Nothing more."

Speaker Bios

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 SIEM with Tactical Analytics course and co-authored SEC455 SIEM Design and Implementation and SEC530 Defensible Security Architecture and Engineering. He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.

Ismael Valenzuela

SANS Certified Instructor Ismael Valenzuela (https://twitter.com/aboutsecurity) is coauthor of the CyberDefense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering, and holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132).

Since he founded one of the first IT Security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 19 years. Prior to his current role as Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert-system driven investigations, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally. Previously, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.
