How to Leverage Endpoint Detection and Response (EDR) in AWS Investigations

  • Tuesday, 03 Mar 2020 3:30PM EST (03 Mar 2020 20:30 UTC)
  • Speakers: Justin Henderson, Sagar Khasnis

Adding EDR capabilities into your Amazon Web Services (AWS) environment can inform investigations and provide actionable details for remediation. In this webcast, which was previously recorded, you will discover how to unpack and leverage the telemetry provided by endpoint security solutions by examining process trees, using MITRE Cloud examples such as Exploit Public-Facing Application (T1190) and Data Transfer to Cloud Account (T1537). You will also find out how these solutions can help identify who has vulnerable software or configurations on their systems, and how to leverage indicators of compromise (IOCs) to pinpoint the depth and breadth of malware (MD5).

Attendees at this webcast will learn how to:

  • Utilize endpoint security visibility to enrich your investigations in AWS
  • Use EDR to add thousands of host-based observables for threat hunting
  • Auto-scale threat detection across all your cloud endpoints
  • Integrate a cloud access security broker (CASB) to extend protection to cloud apps

Register today to be among the first to receive the associated whitepaper written by SANS Instructor Justin Henderson.