Passive Isn't Good Enough: Moving into Active EDR

  • Tuesday, 21 May 2019 1:00PM EDT (21 May 2019 17:00 UTC)
  • Speakers: Justin Henderson, Migo Kedem

Endpoint detection and response (EDR) technologies pick up where antivirus technologies leave off. EDR focuses on identifying anomalous activity at scale, but often falls prey to delayed analyses due to cloud management systems and drains on staffing and time. Another technology, the endpoint protection platform (EPP), is also purported to manage endpoint security. While it utilizes multiple solutions to provide preventive controls, it often lacks enterprise-class detection and reporting capabilities.

The most recent addition to the endpoint protection arsenal is Active endpoint detection and response. It provides a solution to the failings of both EDR and EPP through its real-time analysis capabilities.

Attendees of this webcast will learn about:

  • What makes Active EDR different from Passive EDR and, therefore, so useful for analysis on a large scale
  • How Active EDR can help organizations by providing both machine-powered data and machine-powered context for analysis and decision making based on that data
  • The role and importance of intelligent decision making through the use of artificial intelligence processed at the endpoint
  • Why known attacks should be handled in Active versus Passive EDR alerts
  • The types of holistic stories Active EDR can tell about a given attack

Register now and be the first to receive the associated paper, including actionable takeaways, written by SANS analyst, instructor and cybersecurity expert Justin Henderson.