Opening the Floodgates: How to Analyze 30+ TB of Endpoint Data Without Drowning Your Security Team

  • Monday, 19 Mar 2018 1:00PM EST (19 Mar 2018 17:00 UTC)
  • Speaker: Brian Beyer

Most security teams are flooded with alerts from endpoint security products. Not only are 95% of alerts not investigated due to time and resource constraints, but the most worrisome threats bypass prevention tools altogether.


Brian Beyer, co-founder and CEO of Red Canary, reveals how his organization built a massive data processing system to collect all endpoint activity and investigate orders of magnitude more potential threats.


This technical deep dive will cover:

  • Why it's crucial to meet attackers where they are, at the endpoint, and collect all endpoint activity
  • How Red Canary identifies malicious activity by applying data standardization, threat intelligence, behavioral analysis, and other techniques to feed a hunting and response team
  • How to use suppression as a secret weapon to enable a small team to process massive amounts of data daily
  • Layering crucial applications like threat intelligence and incident response on top of the architecture to quickly stop attacks
  • Firsthand insights from a team that conducts investigations into a half dozen breaches per week