From Tools to Telemetry: A Playbook for Modern Detection and Response in Resource-Constrained Teams

  • Thu, Aug 20, 2026
  • 1:00PM - 2:00PM EDT
  • English
  • Rich Greene
  • Technical Presentation

Organizations can no longer rely on tool count as a measure of security maturity. As ransomware-as-a-service operators, identity-focused attackers, and supply chain adversaries increasingly target mid-market and resource-constrained organizations, security teams are being asked to defend against enterprise-grade threats without enterprise-scale resources. At the same time, cyber insurance requirements, customer security assessments, and regulatory expectations continue to raise the bar for demonstrable detection and response capabilities.

This webcast explores why the traditional tool-first approach to security operations is failing resource-constrained teams and what modern detection and response programs must do instead. SANS Senior Instructor Rich Greene will examine how organizations can shift from fragmented security tooling toward a telemetry-driven operating model centered on visibility, correlation, automation, and continuous validation. Rather than focusing on individual products, this approach emphasizes the disciplines required to detect and respond to real-world adversary behavior across interconnected environments.

What You Will Learn

  • Why ransomware affiliates and supply chain attackers increasingly target resource-constrained organizations
  • How security teams can move beyond disconnected tools to achieve meaningful telemetry fusion across endpoint, identity, network, SaaS, and cloud environments
  • Why ATT&CK-based detection coverage provides a more effective measure of defensive capability than alert volume or vendor signature counts
  • How to implement a practical four-phase operating model built around audit, consolidation, automation, and validation
  • What low-regret automation looks like and how organizations can safely pre-authorize response actions for high-confidence threats

Modern detection and response requires more than additional tools—it requires the ability to correlate telemetry, detect adversary behavior, automate appropriate response actions, and continuously validate effectiveness against evolving threats. By understanding how these disciplines work together, security leaders can improve resilience, strengthen operational efficiency, and build a more defensible security program even with limited resources.

Meet Your Speaker

Rich Greene

Senior Solutions Engineer at SANS Institute

Rich Greene, SANS Senior Solutions Engineer and SEC301 author, brings 20+ years of cyber operations and teaching experience to the classroom. With 15+ GIAC certifications and a passion for mentorship, he equips defenders with real-world confidence and skill.
