


This webcast has been archived.

Passive Isn't Good Enough: Moving into Active EDR

  • Tuesday, May 21, 2019 at 1:00 PM EDT (2019-05-21 17:00:00 UTC)
  • Justin Henderson, Migo Kedem


  • SentinelOne




Endpoint detection and response (EDR) technologies pick up where antivirus technologies leave off. EDR focuses on identifying anomalous activity at scale, but often falls prey to delayed analyses due to cloud management systems and drains on staffing and time. Another technology, endpoint protection platform (EPP), is also purported to manage endpoint security. While it utilizes multiple solutions to provide preventive controls, it often lacks enterprise-class detection and reporting capabilities.

The most recent addition to the endpoint protection arsenal is Active endpoint detection and response. It provides a solution to the failings of both EDR and EPP through its real-time analysis capabilities.

Attendees of this webcast will learn about:

  • What makes Active EDR different from Passive EDR and, therefore, so useful for analysis on a large scale
  • How Active EDR can help organizations by providing both machine-powered data and machine-powered context for analysis and decision making based on that data
  • The role and importance of intelligent decision making through the use of artificial intelligence processed at the endpoint
  • Why known attacks should be handled in Active versus Passive EDR alerts
  • The types of holistic storytelling Active EDR can provide about a given attack

Register now and be the first to receive the associated paper, including actionable takeaways, written by SANS analyst, instructor and cybersecurity expert Justin Henderson.

Speaker Bios

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 SIEM with Tactical Analytics course and co-authored SEC455 SIEM Design and Implementation and SEC530 Defensible Security Architecture and Engineering. He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.

Migo Kedem

Migo Kedem is the senior director of products and marketing at SentinelOne. Before joining SentinelOne, Mr. Kedem spent a decade building cybersecurity products for Palo Alto Networks and Check Point.
