Pinpoint and Remediate Unknown Threats: SANS Review of EnCase Endpoint Security 6

  • Webcast Aired Thursday, 15 Mar 2018 1:00PM EST (15 Mar 2018 17:00 UTC)
  • Speakers: Jake Williams, Charles Choe

With the increasing prevalence of security incidents that can lead to data breaches, security teams are learning quickly that the endpoint is involved in almost every targeted attack. Recent trends in the SANS 2017 endpoint security survey indicate that despite the best efforts of security teams, employees are more likely than ever to fall victim to phishing and ransomware attacks, putting enterprise data at risk.

With so many warning signs coming in by way of security alerts, why are these attacks getting through and spreading on the network? Simple: Security alert volume is higher than ever and InfoSec time and resources are at a premium. The solution lies in contextual data and automation to help security analysts quickly validate and respond to real threats in their environments.

This is the purpose of EnCase Endpoint Security, which has released version 6.02. Endpoint Security works with leading security tools to ingest alerts and then apply threat intelligence and scoring so security teams can focus their response on the most critical incidents.

In this webcast, SANS analyst Jake Williams will review his testing results, including how he used EnCase Endpoint Security to:

  • Detect unknown threats through anomalous behavior analysis
  • Validate threats with data enrichment and contextualization
  • Triage alerts and identify gaps in coverage
  • Forensically remediate threats (delete files, reset or delete registry keys, kill processes) without taking down servers

Register for this webcast and receive early access to the whitepaper written by Jake Williams.

View the associated whitepaper here.