"My endpoint is protected, I have a current AV & I'm fully patched"
"I know bypassing AV is possible, but it's hard!"
"I'm using application whitelisting, I'm good!"
"oh, that's APT-like stuff only, we don't have any of that here..."
If you've heard yourself saying (or thinking) any of the above, you may still live in tranquil happiness. But let me tell you: those are just the effects of taking the 'endpoint blue pill'. One that makes you believe in a world where endpoint protection works, where spending most of your time in hardening, patching and auditing cycles, gives you a sense of satisfaction and a job well done, and where there's no single evidence of any of the advanced attackers that the media reports on in your network.
Do you want to learn the truth?
Join Ismael Valenzuela and Justin Henderson, GSEs, instructors and co-authors of one of the most popular SANS Blue Team classes, SEC530: Defensible Security Architecture & Engineering, as they debunk this and many other myths around endpoint security through live demos, and learn how to architect and engineer layered defenses, not only for endpoint prevention, but also for visibility, detection and response, that work across hybrid environments.
"Remember: all I'm offering is the truth. Nothing more."