Endpoint Protection Solutions Forum

  • Friday, 09 Apr 2021 10:30AM EDT (09 Apr 2021 14:30 UTC)
  • Speakers: Jake Williams, Eric Howard, Michael Gorelik, Greg Iddon

You will earn 6 CPE credits for attending this virtual event

Forum Format: Virtual - US Eastern

Event Overview

Endpoint security is a method of protecting endpoints or entry points of end-user devices such as desktops, laptops, mobile devices, servers, ATM machines, and medical devices from being accessed by attackers. Simply put, if a device is connected to a network it is an endpoint.

It's through these entry points that a company's most valuable asset, data, is accessed and malicious activity occurs. Establishing an Endpoint Protection Platform (EPP) is vital in today's business world for all corporations to properly secure their data. As entry points have integrated into our cars, airplanes, hospitals, and our homes, security solutions that protect them also had to adapt.

Join this SANS-led forum as we explore various endpoint protection topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case studies and thought leadership using specific examples relevant to the industry.


10:30 - 10:50 AM EDT - Keynote

Jake Williams, @MalwareJake, Forum Chair, SANS Institute, @SANSInstitute

10:50 - 11:25 AM EDT - Attackers are Targeting Endpoint Firmware. Are You Ready?

John Loucaides, VP R&D, Eclypsium, @Eclypsium

As enterprise security improves, attackers are seeking new methods to subvert traditional security controls - going below the surface to penetrate vulnerable firmware and hardware components inside today's servers, laptops and networking equipment. In the past year APT and ransomware threat actors targeted enterprise VPNs en masse, the widespread BootHole vulnerability put virtually all Windows and Linux devices at risk for bootkits, TrickBot added firmware-specific capabilities and the Sunburst attack exposed pervasive risks in the technology supply chain. To keep pace, organizations and auditors must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. You'll leave this presentation with a checklist for assessing firmware security risk mapped to NIST standards.

11:25 AM - 12:00 PM EDT - Maximizing the Power of Cloud and Endpoint Security Together for a Better Threat Defense

Eric Howard, Lead Technical Marketing Engineer, Cisco, @Cisco

The lethal combination of the expanding attack surface and the increased sophistication of threats presents a real and present danger to many organizations. In a recent survey, more than half of CISOs stated that users' work devices are very or extremely challenging to defend. What if you could radically simplify your approach to threat response overall in today's hybrid, if not largely remote, working environment?

Having robust cloud security as your first line of defense and endpoint security as your last line of defense creates a powerful combination of effective, automated, always-on security that works everywhere your users go, both on and off the corporate network. What's more, when this combination comes with the cloud-native, built-in security platform that enables eXtended Detection and Response (XDR), you can protect your endpoints better, faster, and with less effort.

Join Cisco security expert Eric Howard as he demonstrates how this XDR enabled combination delivers a much simpler and more effective solution that's available today.

12:00 - 12:10 PM EDT - Break

12:10 - 12:45 PM EDT - MITRE ATT&CK for Risk Reduction without Buying More Tools

Michael Gorelik, Chief Technology Officer, Morphisec, @morphisec

MITRE ATT&CK has quickly become one of the most popular frameworks for understanding and, in turn, addressing risk. However, it's not immediately obvious how to use this free and powerful tool to improve security posture.

In this presentation, Michael Gorelik will provide actionable steps on how to use ATT&CK to understand the techniques that threat actors are most likely to employ when targeting businesses like yours.

Once the threats are known, it becomes clear what controls are needed to thwart them. Michael will walk through how MITRE ATT&CK can help prioritize what improvements can be made to reduce the most risk, highlighting those that don't require your business to spend more money on tools.

Finally, this presentation will explore the differences between Tactics and Techniques within the current ATT&CK framework and expand on the benefits of focusing on prevention of tactics for coverage of the most techniques.

The audience will leave with an understanding of:

  • How to use MITRE ATT&CK to understand the techniques that will most likely be used against your business specifically.
  • What mitigation strategies are best suited to address the techniques that are most likely to be employed.
  • What security teams can do without spending more money to make the most impact on risk reduction.
  • Applying the MITRE ATT&CK framework to prevention of Tactics for maximum coverage of Techniques.
  • Best practices to defend against general Tactics in ATT&CK framework rather than specific Techniques used by adversaries.
  • Real-world cases of applying innovative technologies to prevent Tactics agnostic of the technique.

12:45 - 1:20 PM EDT - The Realities of Ransomware

Greg Iddon, Sophos Threat Response Strategist, Sophos, @sophos

Ransomware attacker tactics are constantly shifting, sometimes drastically. In this session, Greg looks at the evolution of this prolific and damaging type of attack. He'll share stories from the frontline, looking at how the criminals operate, their techniques and how you can lower your risk of becoming their next victim.

1:20 - 1:30 PM EDT - Wrap-up

