Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

Using MITRE ATT&CK® 2020 Evaluation Data to Show How An Advanced Endpoint Detection/Response Product Mitigated APT29

  • Tuesday, August 25, 2020 at 9:00 PM EDT (2020-08-26 01:00:00 UTC)
  • John Pescatore, Jared Phipps


  • SentinelOne

You can now attend the webcast using your mobile device!



SANS surveys have shown SOC managers and analysts have rapidly adopted the MITRE ATT&CKŪ Framework for a variety of uses. MITRE has expanded their support for the framework to include independent evaluations of vendor product performance against specific threats. Recently, MITRE released the 2020 ATT&CK evaluation results, focusing on performance of products against APT29, the notorious actor which evaded the DNC, shows us that many of todays EDR tools fail to cope with advanced techniques.

At this webinar, SANS Director of Emerging Security Trends will provide an overview of the emerging uses of the MITRE ATT&CK framework and data from recent SANS Surveys. Jared Phipps of SentinelOne will drill down into the MITRE evaluation against APT29, explaining how MITRE preformed the tests and providing an security analyst-oriented view of how SentinelOnes product performed and how it would be use to more quickly detect and respond to advanced targeted attacks in general.

In the webinar, we'll present:

  • Why MITRE ATT&CK matters and how it can help you save cost/time
  • Whats the difference between good and great EDR
  • What can we learn from APT29 - operationalize the lessons from MITRE ATT&CK

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Jared Phipps

Jared has been involved in cybersecurity professionally since 2001, and is passionate not only about technology, but also with effective use of technology to solve real problems. Jared is the Vice President of Worldwide Sales Engineering at SentinelOne, where he gets to use his passion for technology and experience in cybersecurity daily as he advises various prospects and clients through security projects. He spent the prior 6 years leading the sales engineering, professional services and incident response teams at Fidelis Cybersecurity. Prior to joining Fidelis he worked for MITRE supporting NSA Cryptographic Modernization Programs for the United States Air Force. Jared is a veteran of the United States Air Force where he worked in cyber defense and offensive cyber operations.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.